New wave of ‘spear phishing’ scams targets firms in Alaska and Canada
By Chris Klint – December 1, 2015
Alaska businesses should be on guard against an increase in email attacks targeting their bank accounts from scammers claiming to be employees, the Better Business Bureau said Tuesday.
According to a statement from the bureau, the scheme — a type of “phishing” email attack known as “spear phishing” for its reliance on targeting specific people — uses fraudulent emails which direct employees to subtly modified Web links to conduct apparently routine money transfers.
“The fraudulent emails ask the chief financial officer or controller to wire money for payment to a vendor,” BBB officials wrote. “Attached to the email is an invoice with payment terms, wire transfer instructions and directions to notify the ‘CEO’ when the transfer is complete. Once the funds are received, the scammers empty the account.”
Michelle Tabler, the BBB’s Alaska regional manager, said the newest reports match the outline of an attack that cost the Afognak Native Corp. $3.8 million this spring.
The FBI reported a 270 percent increase in phishing attacks last year at a cost of almost $800 million to U.S. businesses since October 2013.
Matthew Caldwell, a consultant in the Anchorage office of Georgia-based cybersecurity consulting firm Borderhawk, said the company has amassed a list of about 37,000 companies that may be targeted for spear phishing attacks, including many in Anchorage and across the state.
“We have seen specific Alaska Native corporations in the list; we’ve seen quite a few local businesses in that potential list,” Caldwell said. “We have seen oil and gas also targeted and also, strangely, Canadian companies — it’s like they’re targeting Alaska and northern Canada.”