FBI IC3

Attackers ‎are‏ ‎employing ‎a ‎variety ‎of ‎methods,‏ ‎including ‎phishing‏ ‎emails‏ ‎with ‎malicious ‎attachments,‏ ‎obfuscated ‎script‏ ‎files, ‎and ‎Guloader ‎PowerShell,‏ ‎to‏ ‎infiltrate ‎and‏ ‎compromise ‎victim‏ ‎systems. ‎Invoice ‎fraud, ‎a ‎form‏ ‎of‏ ‎business ‎email‏ ‎compromise ‎(BEC),‏ ‎is ‎one ‎of ‎the ‎popular‏ ‎methods‏ ‎used‏ ‎by ‎attackers‏ ‎to ‎deceive‏ ‎victims. ‎In‏ ‎this‏ ‎type ‎of‏ ‎scam, ‎a ‎third ‎party ‎requests‏ ‎payment ‎fraudulently,‏ ‎often‏ ‎by ‎impersonating ‎a‏ ‎legitimate ‎vendor

Invoice‏ ‎scams ‎pose ‎a ‎significant‏ ‎threat‏ ‎to ‎businesses,‏ ‎as ‎they‏ ‎can ‎result ‎in ‎substantial ‎financial‏ ‎losses‏ ‎and ‎irreparable‏ ‎damage. ‎According‏ ‎to ‎the ‎FBI ‎IC3 ‎report,‏ ‎in‏ ‎2022,‏ ‎BEC ‎attacks‏ ‎caused ‎$2.7‏ ‎billion ‎in‏ ‎losses‏ ‎to ‎US‏ ‎victims, ‎making ‎it ‎the ‎most‏ ‎pervasive ‎form‏ ‎of‏ ‎business ‎email ‎compromise.

Some‏ ‎indicators ‎of‏ ‎fraudulent ‎email ‎invoices ‎include‏ ‎requests‏ ‎for ‎personally‏ ‎identifiable ‎information‏ ‎(PII), ‎unusual ‎requests ‎such ‎as‏ ‎changes‏ ‎to ‎banking‏ ‎or ‎payment‏ ‎information, ‎and ‎invoices ‎with ‎unusual‏ ‎dollar‏ ‎amounts.‏ ‎Additionally, ‎attackers‏ ‎often ‎use‏ ‎obfuscation ‎techniques‏ ‎to‏ ‎evade ‎defenses‏ ‎and ‎make ‎their ‎malicious ‎activities‏ ‎more ‎difficult‏ ‎to‏ ‎detect.