Increased Financial Fraud Activity - 20250429001

Overview

The WASOC has observed an increase amount of threat actor activity related to Financial Fraud. Actors have been observed to be utilising Business Email Compromise (BEC) attacks to facilitate this fraud activity.

What is the threat?

Business email compromise (BEC) is a proven tactic for accomplishing financial fraud for attackers. BEC is a form of targeted phishing, or spear phishing and whaling (executive phishing).

Threat Actors leverage compromised accounts of trusted internal or external identities to then facilitate fraud against organisations finance teams.

The WASOC recommends reviewing internal process and procedures involving financial related communications to internal and external partners or identities.

Recommendation

The WA SOC recommends administrators:

• Ensure all accounts are secured with phishing-resistant authentication methods where possible, such as Multi Factor Authentication (MFA), or utilising hardware security tokens: https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-deploy-phishing-resistant-passwordless-authentication.
• Enable "Automatic Attack Disruption" settings within their environments as per Microsoft Documentation where possible: https://learn.microsoft.com/en-us/defender-xdr/automatic-attack-disruption.
• Engage with Financial and Payroll teams to ensure there are established processes and procedures for verifying all financial related communications are legitimate, even from internal contacts and colleagues.

Additional References

• ASD Threat Article: "Business Email Compromise" https://www.cyber.gov.au/threats/types-threats/business-email-compromise
• Blog Post: "Configure automatic Attack Disruption in Microsoft Defender XDR" https://jeffreyappel.nl/configure-automatic-attack-disruption-in-microsoft-defender-xdr/