We've had a few conversations with our customers recently who have alerted us to extortion attempts against their organizations. Thankfully, none were successful.

This post is to detail the events that have transpired so that you can alert your organizations and increase your odds of not falling victim to this scam:

  • Attackers will register a domain name similar to yours. For example, the attacker might register Rapid7.co when Rapid7.com is the legitimate domain
  • Attackers will target the financial organization while impersonating an executive and requesting that funds be transferred to a bank account
  • Please note that the attackers are very adept at convincingly carrying on email conversations with their targets

Should this approach fail, or even if it is successful, the attackers might then move to target your customers, vendors, or partners depending on how much information they can obtain through open source research. The sequence of events for the second scam is as follows:

  • Attackers will use the spoofed domain name to email customer, vendor, or partner invoicing and accounts payable departments informing them that a disastrous event has caused a need to divert payments to another account

To mitigate these threats, we recommend the following:

  • Implement a verification step in wire transfer processes, invoicing processes, and accounts payable processes to validate the authenticity of the requests
  • Communicate with your vendors, suppliers, and customers to ensure they know who to contact should they have questions regarding invoices from your organization
  • Re-emphasize the importance of validating email fields such as "FROM:" to identify spoofed domain names
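
The "FROM:" check in the last recommendation can also be automated at the mail gateway or in a triage script. The sketch below is an added example, not part of the original post: it treats `rapid7.com` (the post's example) as the legitimate domain, and the sample headers, the `classify` helper, and the edit-distance threshold of 2 are assumptions made for illustration.

```python
from email.utils import parseaddr

LEGIT_DOMAINS = {"rapid7.com"}  # legitimate domain from the post's example

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the address in a From: header; the display name is ignored
    because it is free text chosen by the sender."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify(from_header, legit=LEGIT_DOMAINS, max_distance=2):
    """Return 'legitimate', 'lookalike' or 'external' for a From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return "external"
    # Assumption: subdomains of a legitimate domain are also legitimate.
    if domain in legit or any(domain.endswith("." + d) for d in legit):
        return "legitimate"
    labels = domain.split(".")
    for d in legit:
        # Same name under another TLD (Rapid7.co vs Rapid7.com) or as a label.
        if d.split(".")[0] in labels:
            return "lookalike"
        # Near-miss spelling of the whole domain.
        if edit_distance(domain, d) <= max_distance:
            return "lookalike"
    return "external"

if __name__ == "__main__":
    # Constructed sample headers, not taken from real incidents.
    for header in ("CFO <cfo@rapid7.com>",
                   "CFO <cfo@rapid7.co>",
                   "CFO <cfo@rapld7.com>",
                   "Vendor Billing <billing@partner.example>"):
        print(f"{classify(header):11} {header}")
```

Messages classified as `lookalike` are the ones to hold for the out-of-band verification step described above before any payment detail is changed.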

As always, if you have any questions, please engage your account representative or contact us and we're happy to help.

- @wadew