Business email compromise (BEC) scammers are now targeting a company’s customers using a new indirect attack method designed to collect information on future scam targets. The attackers have been intercepted by Agari Cyber Intelligence Division (ACID) posing as CEOs of targeted companies and requesting information from employees on invoices that are overdue for payment in the form of an aging report. Agari responded to the scammers by sending in a fake aging report which prompted the cybercriminals to ask for a list of customers coupled with any debts they might have to extinguish.
Source: https://www.bleepingcomputer.com/news/security/bec-scammers-trick-employees-into-giving-away-customer-info/