A hacker group called Ancient Tortoise was reportedly found targeting accounts receivable specialists to hoodwink them into handing over information on customers via aging reports. The new threat group impersonates company CFOs, requesting an updated aging report from companies’ financial department staff.

What is an aging report?

An aging report is a collection of customers’ outstanding invoices that helps a company’s financial department keep track of unpaid bills for goods or services bought on credit.

Attackers’ trick

Researchers at Agari Cyber Intelligence Division (ACID) have revealed that Ancient Tortoise intends to scam customers after collecting their information from organizations’ aging reports.

  • The new threat group would impersonate a company’s CFO and ask the specialist for an updated aging report.
  • Not asking the employee to change payment accounts at the beginning is a tactic to win trust first.
  • The attackers also mimic the names and free email accounts of the firm’s CFO to further strengthen their hoax.

Undercover operation by Agari

Agari’s research team connected with the scammers and continued the email exchange in order to further understand Ancient Tortoise’s fraud scheme.

  • The team sent a fake aging report containing the names of purported customers and their overdue amounts, along with the names and contact details.
  • Two days after the email exchange, scammers started contacting all the fake customers from the aging report, requesting payment for the outstanding invoices.
  • This is where they asked for the outstanding invoices to be paid via ACH or wire to a new account.
  • In the next step, the actors shared the details of the bank account they controlled so that the outstanding payments could be made to it.

The Agari team said, “To make their email look legitimate, Ancient Tortoise registered a new domain about an hour and a half before sending the messages that closely mimicked our fake employee’s domain. Of course, the display name and username used by the scammer also matched our persona as well.”
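As an added illustration (not code from Agari or Cyware), the signals described in this article can be checked on inbound mail: an executive display name on a free-mail account, a near-miss of a trusted domain, a freshly registered sender domain, and a request for an aging report or for payment to a new account. The names, domains, the 30-day age threshold and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed reference data (assumptions for this example).
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
EXECUTIVE_NAMES = {"dana whitfield"}             # hypothetical CFO
TRUSTED_DOMAINS = {"northwind-supply.example"}   # hypothetical vendor domain
NEW_DOMAIN_HOURS = 24 * 30                       # assumed "young domain" threshold

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(raw, domain_age_hours=None):
    """Return the BEC signals found in one raw RFC 5322 message.
    domain_age_hours is assumed to come from the caller's own WHOIS/RDAP lookup."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    signals = []
    if name.strip().lower() in EXECUTIVE_NAMES and domain in FREE_MAIL:
        signals.append("exec_name_on_free_mail")
    if any(0 < edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        signals.append("lookalike_domain")
    if domain_age_hours is not None and domain_age_hours < NEW_DOMAIN_HOURS:
        signals.append("new_domain")
    if re.search(r"\bage?ing\s+report\b", text):
        signals.append("aging_report_request")
    if re.search(r"\b(ach|wire)\b", text) and re.search(r"\bnew\s+account\b", text):
        signals.append("payment_redirect")
    return signals

# Constructed sample messages.
CFO_LURE = ('From: "Dana Whitfield" <d.whitfield.cfo@gmail.com>\n'
            "Subject: Request\n\nPlease send me an updated aging report today.\n")
VENDOR_LURE = ('From: "Pat Lee" <pat.lee@northwind-suppiy.example>\n'
               "Subject: Overdue invoice\n\n"
               "Please pay the outstanding invoice via ACH or wire to our new account.\n")
BENIGN = ('From: "Pat Lee" <pat.lee@northwind-supply.example>\n'
          "Subject: Invoice 1001\n\nAttached is this month's invoice.\n")

if __name__ == "__main__":
    for label, raw, age in [("cfo", CFO_LURE, None), ("vendor", VENDOR_LURE, 1.5), ("benign", BENIGN, None)]:
        print(label, assess(raw, age))
```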

Article sourced from Cyware.
