![[The AI Show Episode 145]: OpenAI Releases o3 and o4-mini, AI Is Causing “Quiet Layoffs,” Executive Order on Youth AI Education & GPT-4o’s Controversial Update](https://www.marketingaiinstitute.com/hubfs/ep%20145%20cover.png)
![[DEALS] Mail Backup X Individual Edition: Lifetime Subscription (72% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
_Andreas_Prott_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Android Auto light theme surfaces for the first time in years and looks nearly finished [Gallery]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2023/01/android-auto-dashboard-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Android 16’s redesign seems to be full of new, subtle animations [Video]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/03/android-16-easter-egg-5.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple Ships 55 Million iPhones, Claims Second Place in Q1 2025 Smartphone Market [Report]](https://www.iclarified.com/images/news/97185/97185/97185-640.jpg)
Cybercriminals Deceive Tenants into Redirecting Rent Payments to Fraudulent Accounts
In a sophisticated business email compromise (BEC) scheme, cybercriminals are targeting tenants with fraudulent requests to redirect rent payments to attacker-controlled bank accounts. The campaign primarily focuses on French-speaking victims in France and occasionally Canada, exploiting the anxiety associated with potential missed rent payments to manipulate targets into immediate action without proper verification. The attacks […] The post Cybercriminals Deceive Tenants into Redirecting Rent Payments to Fraudulent Accounts appeared first on Cyber Security News.
In a sophisticated business email compromise (BEC) scheme, cybercriminals are targeting tenants with fraudulent requests to redirect rent payments to attacker-controlled bank accounts.
The campaign primarily focuses on French-speaking victims in France and occasionally Canada, exploiting the anxiety associated with potential missed rent payments to manipulate targets into immediate action without proper verification.
The attacks follow a consistent pattern where victims receive official-looking communications claiming their rental payment has not been processed.
These messages inform recipients that the property management company’s banking details have changed and provide new account information for future payments.
The fraudulent communications often employ authentic-looking letterheads and official terminology such as “Relevé d’Identité Bancaire” (bank account identity statement) to enhance credibility.
Proofpoint researchers identified this threat actor, designated as TA2900, through analysis of over 50 campaigns utilizing nearly two dozen different IBAN numbers.
The threat actor typically sends two to three campaigns using the same bank account before switching to a new one, demonstrating operational security awareness and methodical approach to avoiding detection.
The attackers leverage compromised mailboxes belonging to educational institutions to distribute their campaigns, providing an additional layer of perceived legitimacy.
Subject lines are typically generic such as “Loyer” (Rent) or “Nouveau RIB” (New bank details), while attached PDFs feature logos and terminology common to property management companies.
Social Engineering Tactics Analysis
The effectiveness of TA2900’s campaign lies in its sophisticated social engineering approach. The attackers trigger emotional responses by suggesting tenants’ housing could be at risk, creating urgency that bypasses rational verification processes.
The communications demonstrate knowledge of French rental payment processes, incorporating legitimate terminology like “Garantie des loyers” (Rent guarantee) and “Gestion immobilier comptabilité” (Real estate management accounting).
.webp)
Messages often contain specific instructions for victims to reply with proof of payment or authorization for future automatic payments, creating multiple opportunities for financial theft.
The bank accounts used by TA2900 are registered at legitimate French financial institutions, specifically “low cost” branches of larger banks, making transactions appear genuine to victims.
While the exact location of TA2900 remains unknown, Proofpoint assesses with high confidence that the actor’s primary motivation is financial theft.
The predominantly French-language campaigns may use translation software rather than indicating French-speaking operators, suggesting the attackers could be based outside the targeted regions.
Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy
The post Cybercriminals Deceive Tenants into Redirecting Rent Payments to Fraudulent Accounts appeared first on Cyber Security News.
