TLP White: PIN 20191107-001: Cyber Actors Leverage Subscription-based Commercial Databases, November 7, 2019
Cyber Actors Leverage Subscription-based Commercial Databases to Conduct Business Email Compromise Fraud against Construction Companies
Summary:
The FBI has observed cyber actors leveraging commercial databases to obtain victim targeting information to perpetuate Business Email Compromise (BEC) fraud against construction companies and their vendors.
Threat:
Since December 2016, cyber actors have used subscription-based commercial databases to obtain intelligence on commercial construction projects across North America. These databases enable BEC actors to learn specifics about tens of thousands of construction projects including key contact information, project costs, bidder lists, plan holder lists, project specifications, and agendas.
BEC actors use this intelligence to register domains similar to construction companies who have won bids and are engaged in ongoing projects. The fraudsters then send an email to the victim company, which includes an attached direct deposit form and instructions to change previously submitted banking information to a new account controlled by the actor. The victim company then processes the banking information change, and any future invoice payments are made to the altered account.
View related resource for details.