New costly cybercrimes hitting rental companies
By Brock Huffstutler
Print

New costly cybercrimes hitting rental companies

Be aware of social engineering and invoice manipulation

The ever-evolving thefts that businesses face in the cyber landscape are increasingly taking the form of “social engineering” and “invoice manipulation.” A recent string of such attacks has hit equipment and event rental businesses, and those in the industry are encouraged to be on their guard.

“There are two different forms that I’m seeing — social engineering and invoice manipulation,” says Alastair Jones, owner of J.A. Jones Insurance, Austin, Texas, and an ARA Insurance preferred agent. “This has happened to five of my insured customers since Thanksgiving. It seems that right now, the only ARA [American Rental Association] members that are getting hit are in Texas, but it’s going to travel. Especially since the thieves have had success in getting money.”

The Cybersecurity & Infrastructure Security Agency (CISA) describes a social engineering attacker as someone who seems respectable and possibly claims to be, for example, a new employee or repair person, even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network.

This is the kind of infiltration that happened to at least one of Jones’ rental business clients.

“Someone broke into an event rental company’s email and sent a message to a large tent customer of theirs, saying, ‘We’ve changed our banking information. Can you send the money for the invoice that you owe us to this new account?’ And the customer did. $350,000 went to a nefarious bank account. So, the customer still technically owes the rental store the money. The rental store now has to rely on their customer to either pay again or have the insurance coverage that will pay for this,” Jones says.

Lawinsider.com explains invoice manipulation as the distribution of any fraudulent invoice or fraudulent payment instruction to a third party as a direct result of a security or data breach.

This type of manipulation also has been seen in rental businesses, according to Jones.

“An example of this would be if someone broke into the network of a product supplier to a rental store,” he says. “A rental company who ordered product from that supplier might receive an email from them saying, ‘Congratulations on purchasing these two new machines. Here is how you pay your invoice.’ Everything in the email is exactly like what the supplier would typically send out. So, the rental store pays the invoice, and it goes to the bad guy’s account. Then, the supplier calls up the rental store a few weeks later saying, ‘We never got your money. You still owe us $100,000.’ This is a massive problem for our insured customers because, in this scenario, they could be out $100,000 and the supplier can only say, ‘I’m sorry, but you still owe us the money.’ And the rental store’s bank can’t help because the money has gone out. So, it’s painful to our customers — a $100,000 pain.”

For cybersecurity recommendations or to access articles with tips to avoid social engineering, visit cisa.gov.

Brock Huffstutler

Brock HuffstutlerBrock Huffstutler

Brock Huffstutler is the regional news editor for Rental Management. He writes and edits articles for ARA’s In Your Region quarterly regional newsletters, Rental Management, Rental Pulse and other special projects. Outside of work, he enjoys biking and spending time at the few remaining vintage record stores in the region.

Other articles by Brock Huffstutler
Contact author

Contact author

x

Don’t miss the latest news from the equipment and event rental industry. Click here to subscribe to Rental Pulse and Rental Management magazine.


 

An official publication of the American Rental Association.
Produced by Rental Management. Copyright © 2022 Rental Management all rights reserved

 

Magazine

Subscribe

 

Want to stay up to date on the latest news and trends in the equipment and event rental industry?

Get your own FREE subscription to Rental Management magazine.

Subscribe




Our Sponsors