A new business email compromise (BEC) scam targeting company customers by asking for aging reports from employees, has been discovered by Agari Cyber Intelligence Division.
BEC scammers impersonate CEOs of targeted companies and request information from employees on invoices that are overdue for payment in the form of an aging report. Aging reports, also known as a schedule of accounts receivable, are sets of outstanding invoices that show which customers haven’t yet paid services or goods that were purchased on credit. These scammers use fake names and free email accounts to target employees in a BEC scam.
“I need you to email me the aging report from A/R, and also include customer payable contact email on this report. Looking forward to your reply,” the email reads.
Agari Cyber Intelligence Division responded to the email by sending a fake aging report. The scammers then asked for the clients’ email addresses. In this way, the scammers will obtain a company’s customer names, outstanding balances, and contact information. The scammers will also offer the customers a “good deal” such as having to pay less to get their debts settled.
“With this information, they can create a credible-looking email account alias, assume the identity of an employee on our finance team, and request that they pay the outstanding balance referenced on the aging report,” Agari said in a blog.