Leading Perth IT company Qbit Computers has identified a new and dangerous scam targeting Australian businesses.
Qbit Director Fabio Suffell said the scam targeted finance departments and its sophisticated nature was catching many businesses off guard.
“What is new about these attacks is the uncanny realism of the emails which are sent to a company’s finance staff, apparently from their senior managers requesting payments to be,” Mr Suffell said.
“The perpetrators thoroughly research the target business to identify senior managers and accounting staff before sending an email using a hacked third party server.
“Unlike many scams, these emails contain perfect English and are formatted to look exactly like your internal emails with the scammers now also engaging in conversation via reply emails,” he said.
“Alarmingly, SPAM and anti-virus filters do not always identify or block these emails as each one is sent manually.”
Information used by the scammers is sourced from company websites through “meet the team” pages as well as social media platforms like Facebook and LinkedIn. The below email is a real example sent to Qbit from a scammer pretending to be Qbit Director Dave Musarra.
The email appears genuine, but it is only when a reply is generated that the ruse becomes apparent, and even then, only to the keenest eye. The scammer’s reply address is subtly different from the original, perhaps with only one character different, meaning they receive the response rather than the supposed sender.
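The reply-address trick described above can be checked mechanically at a mail gateway or during triage. The following is an added example, not code from Qbit or from the original release: it compares the `From` and `Reply-To` headers of a message and flags a reply address that is a near-copy of the sender or that leaves the organisation's own domains. The function names, finding labels, distance threshold and the `corp.example` sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_reply_path(raw, own_domains, max_distance=2):
    """Return findings for one raw message; an empty list means nothing to flag."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if not reply_addr or reply_addr == from_addr:
        return []  # replies go back to the visible sender
    findings = ["reply-to-differs"]
    # max_distance is an assumed threshold: one or two changed characters.
    if edit_distance(from_addr, reply_addr) <= max_distance:
        findings.append("reply-to-lookalike-of-from")
    from_dom = from_addr.rpartition("@")[2]
    reply_dom = reply_addr.rpartition("@")[2]
    if from_dom in own_domains and reply_dom not in own_domains:
        findings.append("internal-sender-external-reply")
    return findings

# Constructed sample messages (reserved .example domains, not real traffic).
OWN_DOMAINS = {"corp.example"}
SPOOFED = ("From: Dana Director <dana@corp.example>\n"
           "Reply-To: Dana Director <dana@c0rp.example>\n"
           "To: accounts@corp.example\n"
           "Subject: Urgent payment\n\nPlease process today.\n")
INTERNAL_ALIAS = ("From: Dana Director <dana@corp.example>\n"
                  "Reply-To: accounts@corp.example\n"
                  "Subject: Invoice query\n\nSee attached.\n")
PLAIN = "From: dana@corp.example\nSubject: Lunch\n\nNoon?\n"

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("alias", INTERNAL_ALIAS), ("plain", PLAIN)]:
        print(name, check_reply_path(raw, OWN_DOMAINS))
```

A message that trips both the lookalike and the external-reply findings is the pattern worth holding for the out-of-band confirmation step before any payment is processed.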
“Thankfully we’ve been able to identify and intervene in a number of recent cases where Western Australian businesses have been targeted by this dangerous new scam,” Mr Suffell said.
“However, early intervention is still extremely important if your business has already fallen for the trap, as banks may be able to cancel or block payments before they are processed.
“We believe the best defence is still vigilance so it is important to warn as many businesses as possible.”
Qbit recommends the following actions be taken by businesses to prevent successful scams:
- Warn all staff in the business, especially finance staff;
- Seriously consider taking details of finance staff off the company website;
- Use a ‘contact us’ form on your website instead of listing email addresses; and
- Ensure that all staff confirm payment instructions directly with senior management using another means such as SMS/text or phone before processing payments.
Qbit Computers is a Perth-based IT company supporting small to medium organisations with their IT needs. Owned by Fabio Suffell and David Musarra, Qbit employs 13 people and strives to deliver exceptional service to its customers through regular visits and updates regarding current cyber threats.
For further information contact Fabio or David on (08) 6364 0600.