Our friends at KnowBe4 received a CEO phishing email and decided to toy with the crooks.–PC Pitstop
Catching a CEO Email Phishing Scammer
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
KnowBe4 has been warning against “CEO Fraud” emails for a few months now, the FBI also calls them “Business Email Compromise” (BEC). I had been hoping we would get one of these ourselves, and lo and behold, we received one of these phishing schemes ourselves last week. It was spoofed “from our CTO” Alin Irimie to our Financial Controller Alanna Cormier. Here is how it looked in gmail, after she clicked on Reply. The initial CEO Fraud phishing attack
Since we send millions of simulated phishing to our 2,000 enterprise customers every year, we like to think we know what we are doing, so we decided to have some fun with these scammers.
The attacker must have only done some superficial research about us, because he did identify our CTO and our Controller. If he would have spent 2 minutes more, and looked at what we do, he might have changed his mind!
FBI Warning & Example of Massive CEO Email Phishing Scam
The FBI issues warnings about an email scam that’s stolen more than $1.2 billion
The Federal Bureau of Investigations (FBI) put out a pair of warnings (1, 2) in recent weeks regarding a fraud scheme that involves email, wire transfers, checks, and international business. The target of these schemes are businesses that work with foreign suppliers and those that perform wire transfer payments.
The warnings state that since January, the number of victims has nearly tripled, at an increase of 270 percent. Victims have been reported in all 50 U.S. states and across 79 different countries. More than 8,000 victims and $800 million in losses later, the report dives into how social engineering and phishing have been the point of attack. Once the target is compromised (potentially you), the attacker conducts unauthorized transfers of funds, typically stealing through wire transfers. Once the international law enforcement reports are tallied into the figure, the losses total more than $1.2 billion. One of the biggest hauls on record comes from the networking company known as Ubiquiti Networks, which reports that cyber thieves stole $46.7 million with this scam.
Tech Firm Ubiquiti Suffers $46M Cyberheist
Networking firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole $46.7 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers.
athookUbiquiti, a San Jose based maker of networking technology for service providers and enterprises, disclosed the attack in a quarterly financial report filed this week with the U.S. Securities and Exchange Commission (SEC). The company said it discovered the fraud on June 5, 2015, and that the incident involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department.
http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/
