Conde Nast Caught in $8 Million Spear-Phishing Scam










I wanted to bring to your attention another major cyberheist scheme that is making news. It is clear that no business today is immune from cybercriminals, regardless of the size of the business. As long as corporate employees can be tricked into clicking a phishing link, the bad guys will continue to profit. Read on; it's fascinating, yet all too common:



Spear phishing – scamming attacks that target a specific organization or company – can reap high rewards for cybercriminals, especially when Automated Clearing House (ACH) transfers are involved. Conde Nast, the mega publisher of magazines like Vogue, The New Yorker, and Wired, is one of the latest victims of a spear-phishing attack in which the scammer, Andy Surface, nearly made off with $8 million.



The fraud was first reported by Forbes in early April 2011 after Conde Nast filed a forfeiture lawsuit with the U.S. Attorney's office in New York to try to regain the money. The lawsuit indicates that Andy Surface, the scammer, opened a bank account in Texas in the name of Quad Graph. Conde Nast works with Quad/Graphics, a publicly traded company that prints Conde Nast magazines. Surface sent an email to Conde Nast with an electronic payment authorization PDF form attached, instructing payments to be made to the Quad Graph account. A Conde Nast employee accepted the email as legitimate, then signed and faxed back the form, allowing Conde Nast's bank to make electronic transfer payments to the fraudulent account.



Surface's account had received $8 million from Conde Nast over a six-week stretch before the scam was revealed. Fortunately, the publishing company quickly contacted federal authorities, who froze the account before Surface was able to withdraw the money. This incident illustrates how easy it is to commit cybercrime for potentially huge gains, using nothing more than a simple email and social engineering tactics.



Stu Sjouwerman





