The following scheme has been reported and has targeted at least - TopicsExpress

The following scheme has been reported and has targeted at least five petroleum companies. The perpetrators registered domain names closely resembling the domain names of the victim companies that were slightly misspelled. The perpetrators then sent targeted e-mails to individuals who were identified as having the ability to initiate a wire transfer within the company. The e-mails appeared legitimate, were sent to the correct person at the company, and had contact information for the requester (usually someone in the company with the authority to request a transfer). The victim company contacted the requestor at the number provided in the e-mail (instead of using information contained in an internal directory) and provided him/her with the information and documents required to initiate the transfer. The perpetrator completed the form and initiated the wire transfer. A variation of this scheme involved perpetrators creating a domain name similar in spelling to a victim company’s sub-contractor domain. The perpetrator then e-mailed the individual in charge of initiating payments to that sub-contractor and informed him/her due to various reasons, the sub-contractor needed to change the account information for all payments initiated to the sub-contractor. The e-mail contained the name of a legitimate person at the sub-contractor, but provided a number belonging to the perpetrator. The company called the perpetrator to verify the account change and changed the payment information. The company was then contacted by its sub-contractor about delinquent payments. Most of these schemes are occurring in the aforementioned industry, but based on the success of these schemes, the perpetrators may expand their target group. Because of the increased number of spear-phishing attacks reported recently to the IC3, on June 25, 2013, the IC3 released a PSA educating consumers on spear-phishing. The PSA is available at ic3.gov/media/2013/130625.aspx.