News broketodaythatBEC scammers have responded to the flurry of attention brought on their practices in 2018 by moving towards a different tactic; impersonating an employee and issuing a fraudulent request to change their bank account details with the HR department.
Corin Imai, Senior Security Advisor at DomainTools:
“As public awareness of BEC scams has grown in the past year, it is only natural for scammers to pivot towards a different entry point. While HR departments have always been a highly valued target for fraudsters due to the readily accessible PII and financial details, diverting funds by pretending to be an employee is a relatively new tactic, which makes sense; Employees changing bank accounts is a relatively common occurrence, and making sure people get paid is a top priority for any HR department, which may lead them to overlook tell-tale signs of a fraudulent email. The advice remains the same when it comes to BEC fraud: Check with the individual involved and follow organisational protocol. It’s better to be slightly later in paying than to willingly pay a criminal. Don’t let yourself become the human vulnerability!”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.