General Inquiries

Hacking email asking for past due invoices list

  • 1.  Hacking email asking for past due invoices list

    Posted 11 days ago
    My AP staffer received an email from what she thought was our President, asking for a list of vendors with past/due invoices.  After she sent the report, she realized that it was from a hacker and was not his actual email address.  What would a hacker do with a list of vendors?  I'm trying to figure out why they would want this information?

    ------------------------------
    Denise Day CPA
    Controller
    Phillips Hardy Inc.
    Boonville MO
    (660) 834-3030
    ------------------------------


  • 2.  RE: Hacking email asking for past due invoices list

    Posted 10 days ago
    Denise, the hacker will probably try to get payment to them for those outstanding invoices.  You should probably let those vendors know.

    ------------------------------
    Helen Apostolico CCIFP
    Principal/Chief Financial Officer
    Landmark Science & Engineering
    Newark DE
    (302) 444-0778
    ------------------------------



  • 3.  RE: Hacking email asking for past due invoices list

    Posted 9 days ago
    Thanks everyone for the feedback.  No sooner than I posted that, she received another email from our "President" asking her to wire transfer money to a consultant, complete with the consulting agreement and the W-9.  We've discussed watching for all of the items you all have mentioned.  And she is actually one of my most tech savvy staff members.  But she was checking the email on her phone and didn't catch the faulty email address.  I'm sure she won't let that happen again.


    ------------------------------
    Denise Day CPA
    Controller
    Phillips Hardy Inc.
    Boonville MO
    (660) 834-3030
    ------------------------------



  • 4.  RE: Hacking email asking for past due invoices list

    Posted 10 days ago
    They will send you collections statements with payment addresses/bank information that goes to directly to them.

    ------------------------------
    Susan Milner
    Corporate Controller
    Greenville SC
    (864) 312-9896
    ------------------------------



  • 5.  RE: Hacking email asking for past due invoices list

    Posted 10 days ago
    Hey Denise,

    This is a type of social engineering hackers will use to receive vendor payments. They will get the list from one person then send another fraudulent email to someone else instructing them to wire payment. You need to make sure you have coverage for this on your cyber policy because it usually happens more than once.

    Cody Post
    AVP, Marsh
    404-545-0765
    cody.post@marsh.com

    ------------------------------
    Cody Post CRIS
    Assistant Vice President
    Marsh
    Atlanta GA
    (404) 995-2692
    ------------------------------



  • 6.  RE: Hacking email asking for past due invoices list

    Posted 10 days ago

    Hackers could use this information to pose as a debt collector and harras your vendors and collect the amounts owed you.

     

    Joe Miranda

    wjmiranda@comcast.net

     






  • 7.  RE: Hacking email asking for past due invoices list

    Posted 10 days ago
    Denise, As Cody mentioned, this is the first step a fraudster will deploy to understand who you pay and what you owe them. They can then attempt to create emails that look like they are coming from your vendor asking you to send the payment via ACH to a fraudulent bank account. Be on the lookout for these emails! And of course, remind your staff to always verify requests that appear to come from management.

    ------------------------------
    Jason Krankota BA Political Science
    VP of Sales - Construction
    Nvoicepay
    Denver CO
    (720) 985-1506
    ------------------------------