Seemingly the right sender (spoofed) and a different reply-to
Email injected into the compromised email accounts (with changed or fake invoices)
Emails from similar domains like from@conpany.com instead if from@company.com
Damage multiple 10k $
Just imagine, the damage can be any amount you commonly pay to suppliers or contractors.
The fraud can go on for some time and will only be noticed when the real recipient complains about not getting their money.
A better business relation can therefore cause the fraud to be successful for a longer time and cause more financial and relational damage :-(
Again a common technique was to start with an innocent request, e.g something like "Can you sent us a list of open invoices you have with us"
Added benefits to the added trust, now you can reference real invoices and the correct amount. Much less suspicious 😞
#SecurityMesasures
Again it the #LittleThings and gut feeling.
How often do business partners change their banking details? In my experience not too often.
Again, don't be afraid to ask. Use a second communication channel and talk about the emails you receive. Don't be afraid to talk about details
