Alert! Cyber Researcher Finds Fake Emails Disguised As CEOs

JAKARTA - Over the past few weeks, Kaspersky has detected a series of state-of-the-art attack attempts aimed at defrauding certain organizational financial departments into paying for fake invoices.

Email emulating a correspondence between organization CEOs and contractor companies was sent to the organization's financial department to persuade them to pay for an urgent "facturing" suspected of being a "consultation service".

"This attack stands out because of his very careful attention to the details and exploitation of trusted relations," said Anna Lazaricheva, spam analyst at Kaspersky.

The general scheme of the attack was carried out in the name of the management representative of the targeted company. Most importantly in all the cases analyzed, the sender is fake, where the original email address was used to convince the victims that the email was valid.

Several incidents involved emails emulating a correspondence between the company's CEO and the alleged contractor's law firm, urging the financial department to pay for attached fake invoices.

"By creating a series of convincing emails posing as high-level executives, attackers rely on employee shyness to question seemingly genuine requests," he added.

In this attack, the name of a fictitious partner company is only listed in the sender's name field, and the actual email address is different and changes from one email to another.

Meanwhile, another incident featured a similar email emulating communications between CEOs and contractor companies to request urgent payments for fake invoices, but this time the invoice itself was not attached.

"Companies must prioritize employee training and a strong email verification system to counter this growing threat," said Anna.