A phishing scam making the rounds and targeting businesses is using the Square name to fool its targets.
Reports in the Victoria Advocate said scammers are sending emails that appear to be from payment service provider Square. While there are several versions of the email, they all include the Square logo, according to reports. There are also links in the email to request a payment or view payment or refund details, as if a payment had already been made.
When these links are clicked, malware that can steal usernames, passwords, and other sensitive data is downloaded to the victim’s computer, reports said.
The Advocate also noted that a way to avoid falling victim to the scam is to verify the URL. Users should also be on the lookout for typos and grammatical errors in any emails, and be sure not to share sensitive details like payment card information or Social Security numbers.
Using financial services companies’ names and logos to commit scams is a common tactic for cybercriminals. Last year, small business accounting company MYOB had its name used by phishing scammers who targeted small businesses. That email, too, included a link that contained malicious software.
“By targeting popular brands, recipients are more likely to have a relationship with the company being impersonated,” said cybersecurity company MailGuard. “That’s an instant foot in the door.”
A recent warning from the Federal Bureau of Investigation revealed that business email compromise (BEC) scams have now led to $12 billion in diverted funds. The Association for Financial Professionals reported earlier this month that BEC scammers are looking for new avenues to commit their scams, such as using check and Automated Clearing House (ACH) payments.
Attackers have also“evolved,” the report found, from sending emails from fake addresses in an attempt to appear like a legitimate supplier, to hacking into the suppliers’ actual email accounts to send their scam emails.