Targeted Phishing Attempts at Fraud - Wire Transfers, Gift Cards

Threat Level: Medium
Threat Type: Business Email Compromise
Advisory Date: 07/13/2023

Description

University of Regina is warning email users of an occurrence of the Business E-mail Compromise scam or “B.E.C.,” a scheme that targets specific departments within large organizations.  This type of scam has resulted in large financial losses in many other organizations around the world.

The fraudsters go to great lengths to spoof uregina.ca e-mail, in conjunction with social engineering to act as the identity of a person in a senior position, such as deans, directors or executives and trusted third party vendors. They research employees who manage money and use language specific to the user and organization they are targeting.

Typically, they use these non-affiliated accounts in attempts to lend legitimacy, and will imply urgency in their exchange with you. We have also seen these emails mailed to specific departments and ask to contact external phone numbers by text.

They will normally ask for either:

  1. A wire transfer to be made urgently
  2. A purchase of gift cards to be sent via photo or sending the code directly
  3. Requests for personal information or other items that can be sent digitally

Impact

The fraudulent email messages, which appear to be coming from legitimate email addresses from their mobile device, asking you to process a urgent business wire or purchase of items such as gift cards.

Examples may appear such as:

Example 1:

Subject: Urgent

Hello [Valid First Name of Recipient],

I will need you to take care of a financial obligation for me today. What is the required information needed for you to buy some iTunes gift cards on my behalf?

Example 2:

Subject: Transfer

[Valid First Name of Recipient],

I need you to facilitate a wire transfer for a payment, let me know if you're available and I will forward the details for the payment. I’ll wait for your email.

Thanks

Example 3:

Subject: Request

Hi [Valid First Name of Recipient], Good day, hope you are having a nice day. Please I will need you to take care of a wire bank transfer for me today. What is the required information needed for you to process a Wire bank transfer? Thanks

Sent from iPhone

Example 4:

Subject: RE: Hello

I'm in a meeting right now and that's why I'm contacting you through here. I should have call you, but phone is not allowed to be use during the meeting.

I don't know when the meeting will be rounding up, and I want you to help me out on something very important right away.

Example 5:

Subject: URGENT REPLY

      Are you available for a quick task? I'm in a conference call right now
      you can text me back on this number (555) 555-5555

While our spam filters are typically successful at determining such messages are not legitimate and marking them as spam, care from users must be taken not to reply.  Any message identified by the spam filters will include a tag in brackets appended to the subject line such as "[Spam] Re: Hello" or "[External]" indicating that this message arrived from a non-uregina account.

However, unlike traditional phishing scams, spoofed emails used in these types of fraud schemes may not always set off spam traps because these are targeted phishing scams that are not mass e-mailed. Also, the crooks behind them take the time to understand the target organization’s relationships, activities, interests and travel and/or purchasing plans to increase their chances of a successful compromise.

The FBI estimates that organizations victimized by BEC fraud attacks lose on average between $25,000 and $75,000. But incidents over the past year have cost victim companies millions of dollars.

Resolution

  • Review our phishing guidelines to learn how to spot phishing
  • If you have been engaged by potential fraudsters, please report any instances of messages.
  • Be wary of e-mail-only requests involving urgency.
  • Do not attempt to contact phone numbers sent in phishing emails
  • Verify if the email is legitimate by phone or in person and validate all requests for wire transfer or gift card purchases.
  • Be cautious of mimicked e-mail addresses, and incorrect 'reply-to' addresses.

Resources

These types of fraud attempts succeed because they rely almost entirely on deceiving employees, it is recommended you learn their tactics by taking information security awareness training so you can spot these attempts with ease.

Krebs on Security: FBI: $2.3 Billion Lost to CEO Email Scams

Scammers pose as company execs in wire transfer spam campaign 

iTunes Gift Card Scams