Hacking + Financial Scam = Big Trouble

Lately we have seen an increase in the number of computer hacks that are combined with financial scams. They typically work like this:

  1. The hackers get access to a Microsoft 365 email account that has admin privileges. They can do this in a number of ways. One way is if a different website or account that you use gets hacked and your email account uses the same password.

  2. Once they have access to your account, they go through your email looking for email addresses of people or partners with whom you have a financial relationship. A list of these email addresses is then compiled.

  3. Next, they set up a relay from their email address to yours. This allows them to send email from their location that looks like it is coming from your account. They also set up an email rule that automatically deletes their emails immediately after they are sent.

  4. Then a very official-looking document is sent as an attachment to everyone on the list. This document tells the recipient to change the account numbers they use for ACH payments to you.

  5. If the scam is successful, the recipient company will send your money to the new account whereupon it quickly disappears.

It is not difficult to prevent this scam.

  1. Use unique passwords for all websites and logins. See our blog post on Creating Strong Passwords for a short tutorial on how to do this.

  2. If you have Office 365 email, use the dual-factor authentication option that is available for free from Microsoft.

  3. For remote access to a network, Duo has a good dual-factor system. If you have a Fortinet firewall you can get an add-on product that does the same thing as Duo.
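
To check whether the auto-delete rule described in step 3 of the scam already exists in your tenant, an administrator can list every mailbox rule that deletes mail. The script below is an added example, not part of the original post; it also flags rules that forward mail outside the organization, which goes slightly beyond what the post describes. The `example.com` domain is a placeholder, and the way forwarding targets render as text is an assumption noted in the code.

```powershell
# Added example: audit inbox rules for the behaviour described in step 3.
# Requires the ExchangeOnlineManagement module and rights to read mailbox rules.
Connect-ExchangeOnline

# Assumption: placeholder list; replace with the mail domains your organization owns.
$InternalDomains = @('example.com')

$findings = foreach ($mbx in Get-EXOMailbox -ResultSize Unlimited) {
    $rules = Get-InboxRule -Mailbox $mbx.UserPrincipalName -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $reasons = @()

        # A rule that deletes mail can hide the scam messages and any replies to them.
        if ($rule.DeleteMessage) { $reasons += 'deletes messages' }

        # Collect every forwarding or redirect target on the rule, dropping empty values.
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            Where-Object { $_ }

        foreach ($t in $targets) {
            # Assumption: external targets render as '"Name" [SMTP:user@domain]'.
            if ("$t" -match 'SMTP:[^@\]]+@([^\]\s]+)') {
                if ($InternalDomains -notcontains $Matches[1].ToLower()) {
                    $reasons += "forwards outside the organization ($($Matches[1]))"
                }
            }
        }

        # Report only rules that matched at least one check.
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName
                Rule    = $rule.Name
                Enabled = $rule.Enabled
                Reasons = $reasons -join '; '
            }
        }
    }
}

$findings | Sort-Object Mailbox | Format-Table -AutoSize -Wrap
```

Any rule in the output that the mailbox owner does not recognize should be treated as a sign the account was accessed by someone else.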
