Invoices can be a costly matter — and not always in the usual sense. Phishers believe that you would have a hard time spotting fake bills, which is why they’re increasingly using them as part of their mass mailings.
These scams happen when adversaries pose as legitimate companies to trick individuals into transferring funds. Paying just a single fraudulent bill can set you up to become the victim of a bigger fraud down the line.
Phishers can send fake invoices/bills to both individuals and companies. Last year, a Lithuanian man pleaded guilty to sending bogus invoices for computer gear to Facebook and Google. The scam allowed the fraudster to bilk the tech giants out of $123 million over the course of two years.
On an individual level, many Apple users received fake iTunes bills for purchases they didn’t make. Phishers duplicated an authentic Apple email and also placed the company’s logo on the invoice, making it difficult to determine whether it was legitimate or fake. Below is an example:
In this article, we take a closer look at how fake invoice and bill phishing scams work. You’ll learn about common attack techniques, how to identify the potential red flags and what defensive measures are available to you.
Typically, these scams work in three steps:
Fake invoice scams take advantage of the fact that the average email user or someone handling administrative tasks for a business may not know whether any product or service has actually (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/icjuPo84VpU/