Attempted Fraud Advisory: Spoofed Messages from Community Leaders Requesting Funds Transfers

By Ben Woelk

The STC Rochester Treasurer received a request that appeared to come from the STC Rochester President to transfer funds to a beneficiary. The email was fraudulent; it only appeared to come from the STC Rochester President's email address. The attacker did, however, have the names of the president and treasurer correct.

Here’s the message text:

From: NAME <president@stc-rochester.org>
To: treasurer@stc-rochester.org
Cc:
Date: Mon, 11 Jul 2016 08:51:58 -0600

Subject: TRANSFER REQUEST

TREASURER NAME, I'll need you to process a transfer of 1,900USD to a vendor. Let me know if you are available so i can send you the beneficiary details immediately.

Kind Regards.
PRESIDENT NAME
Sent from my iPhone

As a security professional, I’ve seen this type of attack across many industries, but attackers are now targeting small businesses and non-profit organizations.

What Should I Do to Keep Safe?

The best defense against this type of attack is having sufficient financial controls/processes in place so that someone cannot inadvertently respond and send any funds. (Note that the funds will not be recoverable.) If you don’t have processes in place to ensure that requests for funds are reviewed before being released, you need to put those processes in place now.

If you do fall victim to an attack, you should notify your local law enforcement and your financial institution. Change your email and banking passwords immediately.

If you receive an unexpected email with an attachment, verify with the sender before opening the attachment. Your antivirus program (and you need one, even if you’re using a Mac) may not detect the attachment as malicious, so you’ll need to scan your computer.

Resources

Ben Woelk, CISSP
Information Security Office Program Manager
Rochester Institute of Technology
Senior Member, Society for Technical Communication
Author of Shockproofing Your Use of Social Media: Staying Safe Online, available on Amazon Kindle.
Ben.woelk@gmail.com
@benwoelk