Impersonating a company's CEO or other senior executive has become a favorite technique for cybercriminals seeking to extract payments from businesses. Historically this has been aimed at accounts payable departments, but the latest email threat report from FireEye shows attackers using two new variants to target payroll and supply chains. The payroll variant targets the department with an email requesting changes to an executive’s personal data, such as bank details, with the objective of diverting an executive’s salary to a third-party account. While the supply chain version targets the accounts payable department by impersonating an email from a trusted supplier…
[Continue Reading]