The least common phish I've seen

04 Aug 2024 - AJ

There are well-known scams and phishes, and then there are niche ones that you don’t hear about as often.

This week’s scam/phish is one of the niche ones that got reported to my office by a sharp-eyed accountant. I don’t do accounting but I do have an accountant in my family, so at least I could find out what an AR Aging Report was. Further research led me to the particulars behind this scam - why it’s done and how it works. The two different sources I was able to find (one security blog, one post on Reddit’s scams subreddit) mentioned different versions with the same general idea.

As I mention in the post, it’s a cousin to the “Boss Needs Gift Cards” scam that snares unfortunate employees. It’s also more dangerous, because the staff member is sending confidential information to an unknown party, which is a security incident and a form of Business Email Compromise (BEC). (While BEC often includes account takeover, account takeover is not required: the “Boss Needs Gift Cards” version is also BEC.)

The average person without a business will never run across this particular scam because it’s aimed at businesses, but, well, knowledge is half the battle!

(Also, I’ve updated the web page format a little, to prepare for later features and to make it a bit less ugly.)