TLP White: PIN 20191107-001: Cyber Actors Leverage Subscription-based Commercial Databases, November 7, 2019

Cyber Actors Leverage Subscription-based Commercial Databases to Conduct Business Email Compromise Fraud against Construction Companies

Summary:
The FBI has observed cyber actors leveraging commercial databases to obtain victim targeting information to perpetuate Business Email Compromise (BEC) fraud against construction companies and their vendors.

Threat:
Since December 2016, cyber actors have used subscription-based commercial databases to obtain intelligence on commercial construction projects across North America. These databases enable BEC actors to learn specifics about tens of thousands of construction projects including key contact information, project costs, bidder lists, plan holder lists, project specifications, and agendas.

BEC actors use this intelligence to register domains similar to construction companies who have won bids and are engaged in ongoing projects. The fraudsters then send an email to the victim company, which includes an attached direct deposit form and instructions to change previously submitted banking information to a new account controlled by the actor. The victim company then processes the banking information change, and any future invoice payments are made to the altered account.

View related resource for details. 

Related Resources

Guides/Reports
Public
In this edition of Hacking Healthcare, we explore insider threats and the various ways they can
Guides/Reports
Member
Executive Summary:
Guides/Reports
Public
Weekly issue of H-ISAC Report: Hacking Healthcare - TLP White, November 5, 2019.
Guides/Reports
Public
In this edition of Hacking Healthcare, we breakdown the United Kingdom’s National Cyber
Guides/Reports
Public
This edition of Hacking Healthcare is dedicated to giving you a primer on some of the
White Papers
Public
In this edition of Hacking Healthcare, we begin by exploring major proposed changes to the Domain Name System—an Internet mainstay that maps IP addresses to…