- 17 May 2020
This scheme is quite old but still operable in the underworld. I am sharing this for the sole purpose of enlightenment, incident response practices and progressive research. I will not be accountable for deviant actions committed by readers, although it is a black scheme for earning. Firstly, the scheme entails gaining access to email accounts that a company uses to conduct business transactions (processing and receiving of payments). After getting access to the email, the actor goes through the inbox and new mails in search of keywords such as 'Invoices', 'Product inquiry' or basically any new email regarding placement of an order (this is what the actor should look for, as these are the relevant mails needed). After reading through the mails, the actor is on the lookout for mails from clients who have been sent a proforma invoice, hence an anticipated part payment from the client, as indicated on the invoice. If such a mail is found, it is suggested that the actor implements the following attack vectors:
Email spoofing using an e-mailer: the actor is expected to extract the email address of the potential customer and send an email through a mailer using the compromised email address and name as it appears.
Social engineering: the context of the mail should be that the bank account of the company of the compromised email is undergoing some audits, hence it would not be able to receive the payment using the details on the invoice, and since the trade cannot be postponed, the payment should be made to an alternate account (drop account). You can make up better stories, but this one should work too. Now all you have to do is sit back and wait for the payment receipt in your email after a job well done.
Note: it is advisable that you clone the email address of the client and ask that the payment receipt be sent to the cloned email by the customer upon completion of payment. It is better than having the receipt sent to the original email and not reading and deleting it before the email owner views the mail. For example, if the compromised email is '[email protected]', the cloned email can be '[email protected]'; you can say it's the email of an assistant representative. Sounds easy, cheers.
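Editor's note, added as a defensive worked example that is not part of the original post: the scheme above leaves three signals in the customer's mailbox at once, a sender that is (or imitates) a known partner, a Reply-To that diverts the thread to the actor's lookalike address, and the "account under audit, pay the alternate account" pretext. The script below scores a raw RFC 822 message on those three signals. The partner domain list, the phrase list, the two-signal threshold and both sample messages are assumptions constructed for this example.

```python
"""Flag BEC-style invoice-redirection mail from the signals the scheme leaves behind.

Added defensive example, not code from the original post. KNOWN_PARTNER_DOMAINS,
PAYMENT_REDIRECT_PATTERNS, the threshold and the sample messages are assumptions.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed: domains of trading partners the defender already does business with.
KNOWN_PARTNER_DOMAINS = {"acme-trading.com", "globex.net"}

# The pretext described in the post, plus the usual variants of it (assumed list).
PAYMENT_REDIRECT_PATTERNS = [
    r"\balternate (bank )?account\b",
    r"\bunder(going)? (an )?audit\b",
    r"\bnew bank details\b",
    r"\bchange(d)? (of )?(our )?bank (account|details)\b",
    r"\bcannot (be )?postpone",
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches lookalikes such as acme-tradings.com vs acme-trading.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value: str) -> str:
    """Extract the lower-cased domain from a From/Reply-To header value."""
    return parseaddr(header_value)[1].rsplit("@", 1)[-1].lower()


def lookalike_of(domain: str):
    """Return the known partner domain this domain imitates, or None if it is exact or unrelated."""
    if domain in KNOWN_PARTNER_DOMAINS:
        return None
    for known in KNOWN_PARTNER_DOMAINS:
        base = known.split(".")[0]  # 'acme-trading' also catches acme-trading-assist.com
        if levenshtein(domain, known) <= 2 or base in domain:
            return known
    return None


def analyse(raw_message: str) -> dict:
    """Score one raw message; two or more independent signals marks it suspicious."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From", ""))
    reply_header = msg.get("Reply-To")
    reply_domain = domain_of(reply_header) if reply_header else from_domain
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()

    signals = []
    if reply_domain != from_domain:
        signals.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    for dom in {from_domain, reply_domain}:
        target = lookalike_of(dom)
        if target:
            signals.append(f"{dom} looks like known partner {target}")
    hits = [p for p in PAYMENT_REDIRECT_PATTERNS if re.search(p, text)]
    if hits:
        signals.append("payment-redirect language: " + ", ".join(hits))
    return {"from": from_domain, "reply_to": reply_domain,
            "signals": signals, "suspicious": len(signals) >= 2}


# Constructed sample: the attack as described (real partner in From, lookalike in Reply-To).
FRAUD_SAMPLE = """From: Accounts <accounts@acme-trading.com>
Reply-To: Accounts <accounts@acme-tradings.com>
Subject: Re: Proforma Invoice PI-0421 part payment
Content-Type: text/plain

Dear customer,

Our bank account is currently undergoing an audit and cannot receive the part
payment on the invoice. Since the order cannot be postponed, please make the
payment to the alternate account below and send the receipt to this address.
"""

# Constructed sample: an ordinary message from the same partner.
LEGIT_SAMPLE = """From: Sales <sales@acme-trading.com>
Subject: Product inquiry: pricing for Q3
Content-Type: text/plain

Hello, please find attached the proforma invoice for the items discussed.
"""

if __name__ == "__main__":
    for name, sample in (("fraud", FRAUD_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, analyse(sample))
```

The Reply-To check matters because the first message often comes from the genuinely compromised mailbox, so SPF/DKIM pass and the sender domain is exactly right; it is the diverted reply path and the pretext wording that give it away. Treat a single signal as a review queue item and two or more as a hold on any payment instruction change until it is confirmed out of band.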