A Chinese venture capital firm was scammed out of $1 million in a noteworthy BEC (Business Email Compromise, or CEO fraud) scam, CyberScoop reports. The million dollars was supposed to be seed funding for an Israeli startup the venture capital firm was investing in. The VC firm didn’t realize what had happened until the startup called them on the phone to say it hadn’t received the money.
Cybersecurity company Check Point, which the Israeli startup hired to investigate the matter, found that this wasn’t a typical business email compromise attack. The scammers did compromise an email account at one of the companies, but they didn’t use this account to carry out the scam. Rather, once they saw an email discussing the upcoming investment, they registered two domains that closely imitated the domains used by the two companies.
Then, they sent two emails—one to each company—from these spoofed domains. The Israeli startup received an email from the domain spoofing the Chinese VC firm, while the VC firm received an email from the domain imitating the Israeli startup. These emails contained the same content as the real thread discussing the investment. Both companies failed to notice that the domains were off by one letter, and they continued communicating without realizing that all their emails were being sent to the attacker-controlled domains.
The attackers would receive each email, edit it if necessary, and then forward it on to its intended destination. This technique gave the attackers complete control over both sides of the conversation. They even cancelled an in-person meeting between the Israeli CEO and an employee at the VC firm by coming up with excuses for why both sides had to cancel.
This was an exceptionally crafty scam, and most people probably wouldn’t believe an attacker would be able to pull it off. New-school security awareness training can teach your employees to never underestimate scammers, and to always verify the legitimacy of a conversation before taking action.
CyberScoop has the story: https://www.cyberscoop.com/bec-venture-heist-check-point-technologies/