The Shark Tank - Phished

Can you go phishing in a Shark Tank?  Apparently, you can.  "Shark Tank" TV star Barbara Corcoran lost close to $400,000 last week after her real estate office was duped by criminal hackers who used a small typo to gain access to her company.

The phish started last week when an email chain was forwarded to Corcoran's bookkeeper, whose name is “Christine.”  Confidential sources on Corcoran's team told the media that the phishing email appeared to have been sent from Corcoran's executive assistant, Emily.  The email stated Christine had the “green light” to pay $388,700 (US dollars) to a company called FFH Concept GmbH in Germany.  The sticking point here is that the email did not really come from Emily.  Cyber criminals changed Emily's email address by removing one letter, so the bad actors were the ones communicating directly with Christine.  Christine DID ask “some” of the right questions, such as what the money was for.  She received an email back saying FFH was planning and designing a German apartment complex in which Corcoran had invested.

These cyber hackers did their homework (social engineering), because this “cover story” matched the facts: Corcoran really does invest in real estate, and FFH is a real company in Germany.  In addition, the entire email exchange looked even more legitimate because it appeared to come from Corcoran's assistant.

So, the bookkeeper initiated a wire payment to the account listed in the original email.  Afterward, Christine emailed Corcoran's assistant Emily, this time at her real address.  It was only then that Emily figured out the email scam.  Upon examination, Emily noticed her address had been altered on the previous chain of emails.

Too late, the money is gone.  Corcoran’s IT team traced the original scam emails back to a Chinese IP address.  Her attorneys are figuring out their next move - but the money’s gone.

So, what are the lessons here?

  • Look closely at all email transactions, especially those dealing with financial and proprietary information. The sender's address in this email was only one letter off.
  • Use 2-Party authentication for all e-communications and data transfer.
  • Never be afraid to pick up the phone and talk directly with a person sending an email who is requesting money or sensitive information.
  • Have close working relationships with your C-Suite, Physical Security, Cyber Security (IT), HR and in this case the financial units.   
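
The first lesson can be partly automated. The following is an added example, not part of the original article: it compares a message's sender address against a list of known contacts and flags near-misses such as an address with one letter removed. The domain `corp.example`, the mailbox names and the function names are constructed for illustration.

```python
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop ca
                           cur[j - 1] + 1,              # add cb
                           prev[j - 1] + (ca != cb)))   # swap ca for cb
        prev = cur
    return prev[-1]

def check_sender(from_header, known, max_dist=2):
    """Classify a From: header against an allow-list of known addresses.

    Returns ("known", addr), ("lookalike", impersonated_addr) or
    ("unknown", None). Only the address is compared; the display name
    is attacker-controlled and is ignored.
    """
    addr = parseaddr(from_header)[1].lower()
    if addr in known:
        return ("known", addr)
    near = [(edit_distance(addr, k), k) for k in known]
    near = [pair for pair in near if pair[0] <= max_dist]
    if near:
        return ("lookalike", min(near)[1])
    return ("unknown", None)

# Constructed sample data: corp.example and these mailboxes are placeholders.
KNOWN = {"emily@corp.example", "christine@corp.example"}
SAMPLE_HEADERS = [
    "Emily <emily@corp.example>",           # genuine
    "Emily <emiy@corp.example>",            # one letter removed
    "Billing <billing@unrelated.example>",  # stranger, not a near-miss
]

def triage(headers, known=KNOWN):
    """Return (header, verdict, matched_address) for each header."""
    return [(h, *check_sender(h, known)) for h in headers]

if __name__ == "__main__":
    for header, verdict, match in triage(SAMPLE_HEADERS):
        note = f" (resembles {match})" if verdict == "lookalike" else ""
        print(f"{verdict:10} {header}{note}")
```

A "lookalike" verdict is a prompt to verify by phone before any payment is released, not proof of fraud on its own.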

What can you do to better protect your organization today?

  • Proper data back-up and off-site storage policies should be adopted and followed.
  • Institute cyber threat and phishing training for all employees, with testing and updating.
  • Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
  • Enroll your company/organization in RedXray for daily notifications of cyber threats directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories, including Keyloggers, without having to connect to your network.
  • Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.

Red Sky Alliance is in New Boston, NH USA and is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 888-RED-XRAY or (888)-733-9729, or email feedback@wapacklabs.com   

Website:       https://www.wapacklabs.com/
LinkedIn:       https://www.linkedin.com/company/wapacklabs/
Twitter:         https://twitter.com/wapacklabs?lang=en
