FBI Warns Against COVID-19 Business Fund Transfer Phishing Scams

April 14, 2020

a hand holding a piece of papaer that says phishing scam on it is pictured passing the paper to someone with a handful of cash.

As most businesses continue to operate remotely, many companies find themselves paying invoices and making purchases using electronic transfers of funds, especially for protective gear and services to combat COVID-19. The FBI is warning organizations that a new threat is emerging as electronic funds transfers become the norm – fraudsters targeting businesses and agencies in business compromise email scams.

Here’s how it works:

An unwitting victim receives an email from a company that they normally do business with requesting a transfer of funds to pay for a recently incurred expense, like personal protective equipment for staffers.
The invoice tells the victim that because of the pandemic, instead of paying it in the usual way, they’re instead accepting payment into a new account.
But of course, that account belongs to the bad guys, and they just got paid.

An especially nasty variation of this scheme features cybercriminals posing as corporate officers using official-looking email addresses and web pages to trick bank officials into transferring money into new accounts because the old ones “can’t be accessed right now during the pandemic”.

Phishing scams come in all shapes and sizes and can target anyone from the intern pool to the C-suite. That’s why BullPhish ID is the perfect tool for training every user to identify and resist phishing attacks. With features that allow IT security professionals to build unique groups for training and testing plus customize the materials to that audience, BullPhish ID creates targeted exercises that mimic the threats that staffers are facing today and prepares them for the threats of tomorrow.