Hackers are getting clever in how they are infiltrating your organizations network.  One of the most popular attacks are emails with fake invoices attachments.  These emails are disguised as invoices and commonly sent to users within the organization that approve the invoices.  These fake invoice emails could contain malicious malware or simply direct the user to transfer or make payments to a specific account.

MVR Group has observed many organizations falling victim to this type of attack lately.  Customers have reached out to us for solutions to stay protected or the next steps after falling victim to this attack themselves.

Why is this so common?

With social media at our fingertips, this type of attack is very common and allows the attacker to already know who works at the organization and their position within the company making it easier to impersonate a user.  With this knowledge, the hacker is able to send email to the right person and make it look genuine, thus making the success rate of these type of attacks extremely high.

How come our security filters don’t catch them?

Blacklists:

Traditional security measures focus on malware signatures and URL reputation.  Today, hackers are using zero-day sites (newly created sites) to send their email from allowing them to bypass these traditional security measures, since these sites have not had enough time to be considered a threat.

Impersonations:

In other instances, hackers impersonate users such as a CEO to gain unauthorized access into the network.  This is where email arrives and appears to be from someone internal, like the CEO, and is forwarding fake invoices to someone like the accounts payable team to process it.  This is one of the most common attacks MVR Group has seen lately among organizations.  With the help of social media, this makes this type of attack easier since the information about the company and its staff are readily available.

How to protect yourself?

  • Be suspicious if a business or organization asks you to click on a link and then asks for username and password.  You shouldn’t have to provide credentials to view an invoice that is sent to your email by a vendor.
  • Be cautious about opening attachments – remember a hacker could be impersonating to be a friend, family member, or co-worker.  Verify the email address in the “From” field.  If it doesn’t seem right, then don’t open it.
  • Make sure your security software is up-to-date.  Keeping up with security updates help reduce the risk of your system being vulnerable to these attacks.

For complete security protection, contact MVR Group and let our experts perform a security audit and provide you the solutions to prevent your company from falling victim to this type of attack.