
Legitimate procurement + accounting letters? Or cyberattack?

Hundreds of organisations across a variety of sectors have been receiving what appear to be legitimate procurement and accounting letters. However, the emails carry malicious attachments and attempt to trick the recipients into giving away confidential corporate data that can be used for criminal financial gain.

This is a new wave of financial spear-phishing emails identified by Kaspersky Lab researchers, affecting about 800 employees in more than 400 industrial organisations. The companies affected have been mainly based in Russia and in sectors ranging from oil and gas, to metallurgy, energy, construction, and logistics.

Targeted, personal emails

The letters were carefully written and targeted to include the recipient's name and personal details as well as information pertinent to each company. Kaspersky's report said: “The emails were disguised as legitimate procurement and accounting letters, containing content that corresponded to the profile of the attacked organizations and took into account the identity of the employee – the recipient of the letter.”

Malware downloaded from the email attachments modifies the company's legitimate software, enabling the criminals to connect to the computer and access documents and software related to the procurement, financial and accounting operations. The criminals could then commit financial fraud, for example by altering the payment details (bank requisites) in invoices. They could also obtain administrator rights or steal user authentication data by uploading additional sets of malware, prepared individually for the attack on each victim. According to Kaspersky, these included spyware, additional remote administration tools that extend the attackers' control over infected systems, malware that exploits vulnerabilities in the operating system, and the Mimikatz tool, which extracts credentials from Windows accounts.

What should you do?

Kaspersky issued the following advice for companies:

  • use security solutions with dedicated functionality aimed at detecting and blocking phishing attempts; and
  • introduce security awareness initiatives, including gamified training with skills assessments and reinforcement through the repetition of simulated phishing attacks.

Kaspersky Lab's Vyacheslav Kopeytsev commented: “The attackers demonstrated a clear interest in targeting industrial companies. Based on our experiences, this is likely to be due to the fact that their level of cybersecurity awareness is not as high as it is in other markets such as financial services. That makes industrial companies a lucrative target for cybercriminals, not only in Russia, but across the world.”
