The twist is something called vendor email compromise (VEC). Rather than targeting executives at your company in a traditional business email compromise (BEC), the cybercriminals will hijack an employee’s account at your vendor and monitor to see the pattern of invoices/payments, etc. Once the know the pattern of invoices and payments, they will send a fake invoice, request bank details change and get away with a fraudulent payment.
How do you combat? Add authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments. http://bit.ly/2AKLNAF http://bit.ly/2wN2Lvv
Bleeping Computer has the story here.