Phishing scam mimics company staff emails, warns information authority
Cyber-criminals have been sending phishing emails to human resources departments at Estonian companies, in an effort to divert legitimate payroll payments to their own accounts, Baltic News Service reports.
Several companies have approached the Estonian Information System Authority (RIA), reporting emails which resemble those of in-house staff requesting that the HR department amend the supposed recipient's banking details.
To date, the scam has been unsuccessful, so far as the RIA is aware.
"We do not have information on the victims at present, but we know the e-mails have gone through, and luckily, no transfers have been made yet. Whether anyone anywhere has fallen for it, we do not know, as this is a quite fresh phenomenon," RIA chief of communications Helen Uldrich told BNS.
The criminals' ability to spoof legitimate email addresses is a matter for the company's own security, the RIA added.
"Unless corporate email communications are protected by the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol or other security-enhancing tools, such emails can also easily come from a company's own e-mail addresses and appear even more credible," the authority warned on its own social media page.
The RIA also recommends double-checking with any colleague, business partner or service provider upon receiving an e-mail concerning bank details and other sensitive information, as an extra security measure. Companies may also need to review their internal procedures and bank account checks.
Other recent phishing scams have seen emails purporting to be from at least two high street banks (SEB and LHV) as well as postal service provider Omniva.
Editor: Andrew Whyte