Scammers Divert Funds from Teacher's Direct Deposit
Industry: Education | Level: Strategic | Source: Abnormal Security
Abnormal Intelligence researchers have discovered a payroll diversion attack targeting school teachers. The attackers impersonate school teachers to trick human resource administrators, in charge of payroll, to route paychecks to an attacker-owned account. Abnormal Intelligence names the threat group responsible for the attack as Chiffon Herring. An initial profile established of the threat actors is "Their targets have ranged from large public universities to small community colleges, and from sprawling urban school districts to an individual all-girls preparatory school. Based on our research, Chiffon Herring actors are likely located in Nigeria and South Africa, both of which are typical hotbeds for BEC scammers." Chiffon Herring threat actors have exclusively targeted verticals in education and to only impersonate non-executive level employees such as teachers and professors. The threat actors take advantage of academic institutions which list their personnel publicly on the school's websites and spoof the email addresses of the targeted account. In the email communication, the threat actors request the deposit of their next paycheck into a new account reasoning as they have enrolled in a new bank and deactivated the account on file. Providing urgency on the request as their next check won't be processed to an inactive account.