There are criminals who when they compromise an email account use their access to undertake a “Man in the Inbox” attack. Such attacks are highly successful as antispam systems are not tuned to look for insider attacks and therefore less likely to catch them.

The attackers purport to be the owner of the account and use the already established trust relations to better their own bank balance. They do this in obvious ways such as sending change of bank account notices to all customers, this way they get the victims clients to make their remittance payments to a money mule’s bank account who then transfers it to the criminals account.

In any commercial relationship, the previously agreed terms and conditions about payments should include a statement about how to confirm a change in bank account. If your business includes sending or receiving invoices and making associated financial transactions then your bank account details should also be published on your website as this provides and alternative means of confirming it.

The interpretation of the law is somewhat grey on who is liable if you are the victim of such a scam. This should be reported to law enforcement, your bank and your insurance company. You should also take steps to preserve any forensic evidence (buy a new computer rather than wipe the old one and keep it powered off) as this might be useful in attribution.

To defend against these you need to be vigilant and not get hooked from phishing emails. If the messages’ date/time stamp is outside what you would expect, the bank account looks odd, or the request seems out of sequence (like sending an invoice that updates a previous one), or there is a minor difference in the email address such as “accounts” rather than “account” then phone them to confirm the change details. The criminals have allayed suspicions by responding to skeptical emails advising that the change is legit.

For further information see Cofense article