alex at receptiveit.com.au
Tue Nov 10 02:45:11 UTC 2020
I’ve seen something like this implemented, but with a slight variation.
A building client who has Office 365 mail hosting had their password for the accounts person discovered via social engineering. The malicious actor then logged in to their Outlook web interface and discovered clients of theirs that send regular, large invoices. They then set up server side filtering rules to move any incoming email from those clients to the RSS folder. They downloaded the invoices, deleted them from the mail server, modified the PDF attachment, and sent the emails with modified payload to my building client from a different email address that was also compromised.
It was found out before they got any money out of my client, but only just.
No 2FA made it relatively easy for the malicious actor.
Sent from my iPhone
> On 10 Nov 2020, at 1:33 pm, peter via linux <linux at lists.samba.org> wrote:
> There was a short article recently about a person who had a bathroom renovation done, costing $11500. On completion, the builder emailed her a bill, which she paid via bank transfer. Builder didn't receive the money. Apparently the bank details on the builder's email had been changed by a scammer. Has anybody on CLUG seen anything like this before? Can you explain how the scam could be implemented.... virus, malware etc ?
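Added example, not part of the original message: a check for the kind of server-side rule described above (mail from specific senders moved into the RSS folder), run over constructed audit records. The record shape (Operation, UserId, Parameters as Name/Value pairs) is a simplified assumption modelled on Exchange Online audit entries for `New-InboxRule` / `Set-InboxRule`, and the rarely-read folders other than RSS are also an assumption.

```python
import json

# Constructed sample records (one JSON object per line); addresses are made up.
SAMPLE_LOG = """
{"Operation": "New-InboxRule", "UserId": "accounts@builder.example", "Parameters": [{"Name": "From", "Value": "billing@client-a.example;ap@client-b.example"}, {"Name": "MoveToFolder", "Value": "RSS Feeds"}]}
{"Operation": "New-InboxRule", "UserId": "site@builder.example", "Parameters": [{"Name": "SubjectContainsWords", "Value": "timesheet"}, {"Name": "MoveToFolder", "Value": "Projects"}]}
{"Operation": "UserLoggedIn", "UserId": "accounts@builder.example"}
"""

RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
# Folders a user rarely opens; "rss" is the one from the incident above,
# the others are assumed additions.
RARELY_READ = ("rss", "conversation history", "junk")


def suspicious_rules(log_text):
    """Return rule changes that divert mail into a rarely-read folder."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("Operation") not in RULE_OPS:
            continue
        # Flatten the Name/Value list; parameter names compared case-insensitively.
        params = {p["Name"].lower(): str(p["Value"])
                  for p in rec.get("Parameters", [])}
        folder = params.get("movetofolder", "")
        if not any(name in folder.lower() for name in RARELY_READ):
            continue
        senders = [s for s in params.get("from", "").split(";") if s]
        findings.append({
            "user": rec.get("UserId"),
            "folder": folder,
            # A rule scoped to named senders matches the invoice-interception pattern.
            "senders": senders,
        })
    return findings


if __name__ == "__main__":
    for f in suspicious_rules(SAMPLE_LOG):
        print(f"{f['user']}: rule moves mail from {f['senders']} to {f['folder']}")
```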