A new email breach attack has been discovered that targets ACH payment information with various clients. This type of attack is known as an “invoice scam” or “business email compromise” (BEC). The hackers behind this attack are impersonating trusted sources, such as suppliers or executives, to trick victims into changing their ACH payment information to accounts under the attacker’s control.
Here’s how the attack works: the attacker sends an email to an employee within an organization, usually in the finance or accounting department, pretending to be a trusted source. The email contains a request to update the organization’s ACH payment information for future transactions. The employee, believing the request is legitimate, updates the information, allowing the attacker to divert future payments to their own account.
The attacker is using tactics to make their emails appear trustworthy, such as using similar email addresses, logos, and language as the targeted company’s trusted source. The emails may also contain a sense of urgency, such as a request to update the information immediately due to a change in banking details.
To prevent this type of attack, it’s essential to follow proper cybersecurity protocols and be vigilant when it comes to email communication. Here are some tips to help protect your organization from this attack:
- Verify the legitimacy of all requests for changes in payment information. If in doubt, call the sender to confirm the request.
- Use multi-factor authentication when accessing sensitive information, such as ACH payment information.
- Train employees on how to identify and respond to phishing emails.
- Monitor your organization’s bank accounts and transactions regularly to detect any suspicious activity.
- Use anti-virus software and firewalls to protect your network and email systems.
It’s essential to be proactive in protecting your organization from these types of cyber attacks. By following these tips and staying vigilant, you can help prevent your organization from becoming a victim of an invoice scam or BEC attack.
In conclusion, the email breach attack targeting ACH payment information is a serious threat to organizations of all sizes. By staying informed and taking proactive steps to protect your organization, you can help prevent this type of attack from happening to you.