Fraudsters on behalf of BEB send phishing emails to businesses demanding documents
The Bureau of Economic Security announced a mass mailing of phishing emails in which documents are requested on behalf of the agency and urged to open attachments.
The Bureau of Economic Security announced a mass mailing of phishing emails in which documents are requested on behalf of the agency and urged to open attachments.
According to BEB, unidentified individuals are sending letters to business entities, institutions, and organizations from third-party email addresses and disguising them as official correspondence from the bureau. Such messages allegedly refer to a documentary audit of the enterprise, after which the recipient is required to provide constituent, financial, and tax documents.
The department says that to be convincing, attackers use pseudo-official forms, fictitious outgoing numbers, the names of alleged BEB employees, and contact details. Archives and attachments that the recipient is offered to open or download supposedly to receive an electronic form or additional information pose a particular danger.
The BEB emphasizes that it has not sent any instructions regarding such mailing and does not require constituent, financial or tax documents in this way. The bureau also reminded that the employees' official e-mail has only the domain @esbu.gov.ua, and official letters are signed with a qualified electronic signature.
If you receive such messages, the agency advises not to open attachments, not to download files, not to send any documents in response, and to report the incident to the cyber police and the SBU. BEB added that it has already contacted law enforcement agencies to clarify all the circumstances.
Recently, scammers have increasingly used the names of government agencies in phishing campaigns to increase the credibility of the email. Such mailings can be aimed both at stealing data and infecting devices with malware via attachments or archives.
Previously, dev.ua wrote about how NPC Ukrenergo announced a fraudulent email campaign: recipients are offered to download supposedly «updated outage schedules,» but in fact the file contains malicious software.
«Zvenyhor writes to you.» How scammers use «creative phishing» in an attempt to obtain user data
«Zvenyhor writes to you.» How scammers use «creative phishing» in an attempt to obtain user data
Ministry of Energy warns of phishing emails demanding «payment» on behalf of the agency
Ministry of Energy warns of phishing emails demanding «payment» on behalf of the agency
Cyberpolice warn about phishing messages on behalf of postal operators: here’s how the fraudulent scheme works
Cyberpolice warn about phishing messages on behalf of postal operators: here’s how the fraudulent scheme works
Read the country’s main IT news in our Telegram
Read the country’s main IT news in our Telegram
