Big Bad BEC

A Chinese venture capital firm was scammed out of $1 million in a noteworthy BEC (Business Email Compromise, or CEO fraud) scam, CyberScoop reports. The million dollars was supposed to be seed funding for an Israeli startup the venture capital firm was investing in. The VC firm didn’t realize what had happened until the startup called them on the phone to say it hadn’t received the money.

Cybersecurity company Check Point, which the Israeli startup hired to investigate the matter, found that this wasn’t a typical business email compromise attack. The scammers did compromise an email account at one of the companies, but they didn’t use this account to carry out the scam. Rather, once they saw an email discussing the upcoming investment, they registered two domains that closely imitated the domains used by the two companies.

Then, they sent two emails—one to each company—from these spoofed domains. The Israeli startup received an email from the domain spoofing the Chinese VC firm, while the VC firm received an email from the domain imitating the Israeli startup. These emails contained the same content as the real thread discussing the investment. Both companies failed to notice that the domains were off by one letter, and they continued communicating without realizing that all their emails were being sent to the attacker-controlled domains.

The attackers would receive each email, edit it if necessary, and then forward it on to its intended destination. This technique gave the attackers complete control over both sides of the conversation. They even cancelled an in-person meeting between the Israeli CEO and an employee at the VC firm by coming up with excuses for why both sides had to cancel.
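
The scam above worked because nobody compared the sender domains against the domains the two companies actually use. The following is an added example (not from the original post, and not code from CyberScoop or Check Point) of the check a mail gateway or SOC script can run: every From and Reply-To domain is measured against a list of known partner domains, and anything within one edit (a letter added, dropped, substituted or transposed) is flagged. The partner list, the header samples and the function names are all constructed for illustration.

```python
"""Flag sender domains that are one edit away from a known partner domain.

Added example, not from the original post. KNOWN_DOMAINS, SAMPLE_HEADERS and
all function names are constructed for illustration.
"""
from __future__ import annotations

from email.utils import parseaddr

# Constructed: domains this organisation legitimately exchanges mail with.
KNOWN_DOMAINS = {"example-vc.com", "startup-example.com"}


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or
    transpose adjacent characters, each counted as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def sender_domain(address: str) -> str:
    """Lower-cased domain part of an RFC 5322 address such as 'Name <user@host>'."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower()


def lookalike_of(domain: str, known=KNOWN_DOMAINS, max_distance: int = 1) -> str | None:
    """Return the known domain this one imitates, or None.

    An exact match is legitimate and returns None. A domain within
    max_distance edits of a known domain is a lookalike and the imitated
    domain is returned. Unrelated domains return None.
    """
    if domain in known:
        return None
    for candidate in known:
        if edit_distance(domain, candidate) <= max_distance:
            return candidate
    return None


def triage(headers: list[dict]) -> list[dict]:
    """Run the lookalike check over From and Reply-To of each message."""
    findings = []
    for h in headers:
        for field in ("From", "Reply-To"):
            if field not in h:
                continue
            dom = sender_domain(h[field])
            target = lookalike_of(dom)
            if target:
                findings.append({"subject": h["Subject"], "field": field,
                                 "domain": dom, "imitates": target})
    return findings


# Constructed sample headers: one legitimate thread, one 'l' -> '1' swap,
# one transposed Reply-To, and one unrelated bulk sender.
SAMPLE_HEADERS = [
    {"From": "Finance <cfo@example-vc.com>", "Subject": "Re: seed round wire"},
    {"From": "Finance <cfo@examp1e-vc.com>", "Subject": "Re: seed round wire (updated account)"},
    {"From": "CEO <ceo@startup-example.com>", "Reply-To": "ceo@startup-exampel.com",
     "Subject": "Re: meeting next week"},
    {"From": "newsletter@unrelated-sender.org", "Subject": "Weekly digest"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_HEADERS):
        print(f"{f['field']}: {f['domain']} imitates {f['imitates']} ({f['subject']})")
```

The Reply-To check matters as much as From: a message can arrive from the genuine partner domain while steering every reply to the lookalike. A distance threshold of 1 catches the off-by-one-letter domains described in the story; raising it catches more but starts to flag unrelated short domains, so in practice the list of partner domains is kept small and specific.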

This was an exceptionally crafty scam, and most people probably wouldn’t believe an attacker would be able to pull it off. New-school security awareness training can teach your employees to never underestimate scammers, and to always verify the legitimacy of a conversation before taking action.

CyberScoop has the story:

Can hackers spoof an email address of your own domain?

Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against unless your users have had thorough security awareness training.

Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.
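
The mail server configuration the test above refers to is published in DNS: the SPF record of the domain and the DMARC record at _dmarc.<domain>. The following is an added example, not the original post's code and not KnowBe4's Domain Spoof Test, that rates a domain's exposure to exact-domain spoofing from those two records. The record strings are constructed; with a DNS library one would fetch the real TXT records instead, and the function names and the coarse low/medium/high rating are this example's own choices.

```python
"""Rate how far a domain's SPF and DMARC records go toward blocking
exact-domain spoofing.

Added example, not from the original post. The SAMPLES records and the
low/medium/high scale are constructed for illustration.
"""
from __future__ import annotations


def spf_policy(spf: str | None) -> str:
    """Result an unlisted sending host gets under this SPF record."""
    if not spf or not spf.lower().startswith("v=spf1"):
        return "missing"
    terms = spf.split()[1:]
    if any(t.lower().startswith("redirect=") for t in terms):
        return "redirect"  # policy lives in another record; not evaluated here
    for term in terms:
        qualifier, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if mech.lower() == "all":
            return {"-": "fail", "~": "softfail", "?": "neutral", "+": "pass"}[qualifier]
    return "neutral"  # no 'all' term: unlisted senders evaluate to Neutral


def dmarc_policy(dmarc: str | None) -> str:
    """The requested policy (p= tag) of a DMARC record, or 'missing'."""
    if not dmarc or not dmarc.lower().startswith("v=dmarc1"):
        return "missing"
    tags = {}
    for part in dmarc.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p", "missing")  # p= is mandatory; without it the record is invalid


def spoof_risk(spf: str | None, dmarc: str | None) -> str:
    """Coarse exposure rating for mail forged from the exact domain."""
    if dmarc_policy(dmarc) in ("reject", "quarantine"):
        return "low"     # receivers honouring DMARC act on unauthenticated mail
    if spf_policy(spf) == "fail":
        return "medium"  # SPF hard fail helps, but the From header is not tied to it
    return "high"        # nothing tells receivers to act on a forged message


# Constructed records: no records, monitor-only DMARC with SPF softfail,
# and a domain with hard fail plus p=reject.
SAMPLES = {
    "open.example": (None, None),
    "soft.example": ("v=spf1 include:_spf.mailhost.example ~all",
                     "v=DMARC1; p=none; rua=mailto:dmarc@soft.example"),
    "strict.example": ("v=spf1 ip4:192.0.2.0/24 -all",
                       "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"),
}


def report(samples=SAMPLES) -> dict[str, str]:
    """Map each domain to its spoof_risk rating."""
    return {domain: spoof_risk(*records) for domain, records in samples.items()}


if __name__ == "__main__":
    for domain, risk in report().items():
        print(f"{domain}: {risk}")
```

A DMARC record with p=none is the most common finding in such a test: it reports forgeries to the rua address but asks receivers to deliver them anyway, so the domain stays spoofable until the policy is moved to quarantine or reject. Note that none of this helps against the lookalike domains in the story above, which the attacker registers and configures correctly; only the sender-domain check on the receiving side catches those.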
