
Online scams targeting business users

Businesses are also often targeted – one wrong click within your organization can result in major financial losses...

Companies, craft businesses and organizations are increasingly the targets of sophisticated online scams. Unlike scams aimed at ordinary citizens, business scams target processes, finance employees and governance structures, and a single wrong click can cause major financial losses.

Online scams targeting business users are among the most sophisticated and dangerous because they focus on the people who manage corporate finances every day. Caution, training and multiple layers of verification are therefore crucial to defending against them.

Why do scammers choose this type of scam? Because it lets them earn large sums with minimal effort: they do not need to break into any system, they simply count on human inattention.

Learn about the most common examples of this type of scam

How the scam works

The attacker compromises or imitates an e-mail account, claims to be a partner, vendor or employee, and sends apparently legitimate payment instructions. They normally ask for an urgent payment, a change of IBAN, an “update” of a vendor’s details or a payment to a “newly opened account”, which is, of course, fake.

They often use very similar domains (e.g. @company.com.hr instead of @company.hr), make “minor” errors such as transposed letters (@frim.hr instead of @firm.hr), or use visually similar but technically different characters and typosquatting (e.g. a capital “I” instead of a lower-case “l”, as in paypaI.com, or “corn” instead of “com”, as in cornpany.com), all of which make the scam difficult to spot.

How to identify and prevent

Always verify independently by telephone or through official internal channels, especially when the request is urgent or involves a change in a vendor’s details. Examine the sender’s domain carefully: a single different letter can mean the account is fraudulent. Always apply the four-eyes rule or require multiple authorizations for all outgoing payments. Use MFA (multi-factor authentication) for access to e-mail systems and train your employees regularly in recognizing social engineering.
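The domain tricks described above (an extra suffix such as .com.hr, transposed letters, confusable characters) can be screened automatically before a payment request ever reaches a human. The following is an added example, not code from the original page or from the bank: it checks the sender domain of an e-mail address against a constructed allowlist of vendor domains that the finance team actually pays, and flags anything that merely resembles one of them for manual verification. The vendor list, the sample addresses and the confusable table are assumptions made for illustration.

```python
"""Flag sender domains that look like, but are not, a trusted vendor domain.

Added example (not from the original page). TRUSTED_DOMAINS, the sample
addresses and the CONFUSABLES table are constructed for illustration.
"""
import unicodedata

# Constructed allowlist: the domains the finance team is actually allowed to pay.
TRUSTED_DOMAINS = {"company.hr", "firm.hr", "paypal.com"}

# Character sequences that are easy to mistake for another character,
# folded to the character they imitate ("rn" reads as "m", "0" as "o", ...).
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}


def sender_domain(address: str) -> str:
    """Return the lower-cased domain part of 'user@domain' or 'Name <user@domain>'."""
    addr = address.strip().rstrip(">")
    return addr.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def fold(domain: str) -> str:
    """Lower-case, strip accents and collapse confusable sequences."""
    s = unicodedata.normalize("NFKD", domain.lower())
    s = "".join(c for c in s if not unicodedata.combining(c))
    for seq, repl in CONFUSABLES.items():
        s = s.replace(seq, repl)
    return s


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus
    adjacent transposition, so 'frim' is 1 edit from 'firm'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def check_sender(address: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1):
    """Classify an address as 'trusted', 'lookalike' or 'unknown'.

    Returns (verdict, reason). Anything that is 'lookalike' should be routed
    to out-of-band verification, never acted on from the e-mail alone.
    """
    domain = sender_domain(address)
    if domain in trusted:
        return "trusted", "exact match"
    # The allowlist is plain ASCII, so any non-ASCII sender is a homoglyph risk.
    if not domain.isascii():
        return "lookalike", "non-ASCII characters in domain"
    folded = fold(domain)
    for t in sorted(trusted):
        # Confusable characters: c0mpany.hr, cornpany.hr -> company.hr
        if folded == fold(t):
            return "lookalike", f"confusable spelling of {t}"
        # Trusted name reused under another suffix: company.com.hr, cornpany.com
        if folded.split(".")[0] == t.split(".")[0]:
            return "lookalike", f"reuses the name of {t} under a different suffix"
        # One edit away: frim.hr (transposition), paypai.com (I for l)
        if osa_distance(folded, t) <= max_distance:
            return "lookalike", f"one edit away from {t}"
    return "unknown", "not on the vendor list"


def triage(addresses):
    """Run check_sender over a batch of addresses; returns (address, verdict, reason)."""
    return [(a, *check_sender(a)) for a in addresses]


if __name__ == "__main__":
    # Constructed sample senders mirroring the tricks described on the page.
    samples = [
        "accounts@firm.hr",
        "billing@frim.hr",
        "ceo@company.com.hr",
        "pay@cornpany.com",
        "service@paypaI.com",
        "billing@f\u0456rm.hr",   # Cyrillic 'і' in place of Latin 'i'
        "news@example.org",
    ]
    for address, verdict, reason in triage(samples):
        print(f"{address:24} {verdict:10} {reason}")
```

A check like this belongs in the mail gateway or the invoice-intake workflow, not in the recipient's head: a "lookalike" verdict should block the request until it has been confirmed by telephone through a number already on file, exactly as the four-eyes rule above requires. Keep the allowlist tied to the vendor master data so that a change of bank details and a change of sender domain are both treated as events needing verification.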

How the scam works

The scammer usually claims to be the CEO or a director, using a compromised or fake e-mail account. The message stresses urgency and confidentiality (“this needs to be done immediately and there is no need to inform anybody else”). They will often order a payment to a “new, urgently opened account”, usually located abroad. They may also use deepfake technology in telephone or video calls to imitate an executive’s voice or appearance.

How to identify and prevent

If you have never before received a direct payment order from an executive, it is probably a scam. If you receive such an urgent request, verify it by calling the officially listed number, never the number given in the e-mail. Implement a strict internal procedure for authorizing extraordinary or urgent transactions. Training your employees will improve their understanding of manipulative tactics such as “urgency” and “confidentiality”.

How the scam works

Scammers send businesses fake invoices (or bills) and fake requests to register in various “official” registries, claiming that registration is mandatory and that the letter is official.

How to identify and prevent

Always check such documents against official, publicly available sources, do not make any payment or enter any information without prior verification, and be wary of messages that create a sense of urgency.

How the scam works

Falsely claiming to be the user’s bank, the scammer contacts the user and asks them to click a fake link, enter their user credentials, PIN or OTP, or install a fake app (such as a fake version of m-zaba) in order to gain access to their account.

How to identify and prevent

This scam can be recognized by messages that create a sense of urgency and ask the victim to provide their information or install an app. Only update your apps through official app stores, never share your PIN or passwords, and check every suspicious message directly with the Bank.

Protect yourself and your organization in time

Download educational brochure