TLP White: PIN 20191107-001: Cyber Actors Leverage Subscription-based Commercial Databases, November 7, 2019

Cyber Actors Leverage Subscription-based Commercial Databases to Conduct Business Email Compromise Fraud against Construction Companies

Summary:
The FBI has observed cyber actors leveraging commercial databases to obtain victim targeting information to perpetuate Business Email Compromise (BEC) fraud against construction companies and their vendors.

Threat:
Since December 2016, cyber actors have used subscription-based commercial databases to obtain intelligence on commercial construction projects across North America. These databases enable BEC actors to learn specifics about tens of thousands of construction projects including key contact information, project costs, bidder lists, plan holder lists, project specifications, and agendas.

BEC actors use this intelligence to register domains similar to construction companies who have won bids and are engaged in ongoing projects. The fraudsters then send an email to the victim company, which includes an attached direct deposit form and instructions to change previously submitted banking information to a new account controlled by the actor. The victim company then processes the banking information change, and any future invoice payments are made to the altered account.

View related resource for details. 

Key Resources

Related Resources

Special Bulletin
Red Cross, America’s Blood Centers, AABB Say U.S. Faces Critical Blood and Platelet Shortages
Public
Advancing Health Podcast
Going International: The FBI's Global Fight Against Cybercrime
Public
Advisory
American Hospital Association and Health-ISAC Joint Threat Bulletin - TLP White
Public
Advisory
Hospitals in Florida, Other States Impacted by Effects of Cyberattack on Blood-donation Nonprofit OneBlood
Member
Guides/Reports
CLEAR Crisis Leadership Tip Sheets
Advisory
Ransomware Group Warns of Potential Cyberattack
Member