A scammer might:
(1) Spoof an email account or website with slight variations of legitimate addresses to fool victims into thinking fake accounts are authentic.
(2) Send spear phishing emails. The messages look like they are from a trusted sender to trick victims into revealing confidential information. The information lets criminals access company accounts, calendars and data, which give them the details they need to carry out the BEC scheme.
(3) Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages so accountants don’t question payment requests. Malware also lets criminals gain undetected access to victims’ data, including passwords and financial account information.
Once access is gained, scammers will send emails from your compromised account to your customers. Most will announce payment changes and request that payments be sent to a different financial institution than previously used.
When payment information is changed, business customers send legitimate funds to an illicit account at another financial institution. The scammer has also gained access to private information belonging to the business and to individuals.