January 20, 2021
Dear Valued Customer,
Fraudulent phishing and email schemes present an everyday challenge in today's business climate. Increased awareness and vigilance are key to detecting and preventing fraudulent activity. We are encouraging all our business partners to please remain vigilant against these schemes by closely reading emails and verifying requests to prevent fraud as well as ensuring your personnel are properly trained to spot fraudulent emails, including phishing emails.
A common phishing approach is for fraudsters to email a request to change bank account remittance information. As your partner, we want to inform you that multiple Orora customers have reported receiving fraudulent emails requesting payments be made to a bank account that is not a legitimate bank account for our organization.
Please note: these emails are not being sent from Orora; instead, they originate from fraudulent domains, such as ororaQroup.com (note that in all cases there is a slight modification to our legitimate email domain ororagroup.com) and request that the recipient change its existing bank account remittance information to an account controlled by the fraudster.
We anticipate the fraudster may continue to use email domains that look like Orora’s legitimate domain given the potential for many possible variations. In addition, the fraudster may advise you to call a different number than on file for verification, use a falsified letterhead or other company name, contact you directly and impersonate an employee (whom you may know and with whom you may interact), all in an effort to make their request appear to be authentic.
These emails are not authentic and should not be trusted, nor should any links in the emails be clicked. If you receive these or similar emails, please inform us immediately by emailing email@example.com.
We appreciate your attention to this important topic. Please forward this security alert to the appropriate personnel within your organization. If you have any questions or believe you have received a suspicious email, please do not hesitate to contact the Orora Global Information Security Team at firstname.lastname@example.org.
Thank you in advance.
Chief Financial Officer
Chief Information Security Officer