What’s the matter?
Supply chain impersonation attacks, in which attackers pose as business executives in sophisticated phishing emails, have become a major threat to every organization.
Why it matters?
Some of the tactics used in impersonation attacks
Researchers from FireEye noted that in a highly targeted impersonation attack, attackers impersonate a legitimate vendor, which does business with the targeted company, in order to steal money or sensitive information.
The researchers observed one such attack and noted some of the interesting tactics the attackers used in the campaign. The phishing email purported to be from Clarence DeCEOzar in the accounting and billings team at Steeling Savings Bank, presented a legitimate-looking business issue, and contained information relevant to the recipient, Steve Jenkins in the Accounts Payable Department.
“Hi Steve,
Since we have not received a contract termination letter. I am assumed that you unintentionally overlooked our invoice #1840674 (Unpaid). If you intend to terminate the account, just let us know. Be informed that early withdrawal penalties will apply if not paid within 24 hours.
Regards, Clarence
Clarence DeCEOzar
Steeling Savings Bank | Accounting and Billings Team...,” the email read, FireEye reported.
The bottom line
Such emails are drafted to appear legitimate, tricking unsuspecting users into making the wire payment and thereby causing financial loss.