Another reminder that attackers are getting more sophisticated and taking the time to learn about their victims and their business processes before launching their phishing campaigns:
A hacker group called Ancient Tortoise was reportedly found targeting accounts receivable specialists for hoodwinking them into obtaining information on customers via aging reports.
This is according to a blog post from Cyware which I would suggest sharing with your financial department.
Once the miscreants had the aging reports, they used the information in them to target the customers of the initial victim organization, convincing them to make payments on real outstanding invoices to fake attacker controlled bank accounts.
As we inoculate our users against the “scam du jour,” attackers are thinking up new ways to separate our firms (and our customers) from their money. This is a problem which cannot be solved with technology – it requires awareness training and good old fashioned business processes to protect our companies.