Business Email Compromise Attack Uses a “Man-in-the-Middle” Email Attack to Steal $1M

Stressed businessman with head in hands at officeDubbed the “ultimate” Man-in-the-Middle attack by security researchers at Checkpoint, this CEO fraud attack shows how brazen cybercriminals can be – and how organizations need to be cautions when money is involved.

Picture a tech startup and a foreign VC company ready to invest $1M in seed funding. Post negotiations, all that’s left to do is sign some papers and wire the funds. But what if a bad guy compromised and monitored the email system, and then setup bogus domains representing each party, and played both sides of the transaction so that the investment funds were wired to a fraudulent account?

That’s exactly what happened to an Israeli startup last month. Using lookalike domains, intimate knowledge of the communications and pending transaction, the attacker was able to hijack the email thread. For each email sent to the other party, the hacker captured the email, deleted it from the corporate email system, and used their own lookalike domain email to be the response. This was done for all communications in both directions. In essence, the hacker was playing both sides like a fiddle.

The hacker not only convinced the VC to change bank accounts before money was transferred, but the hacker also cancelled meetings (using different excuses for each side), and even asked for a second round of funding from the VC!!!

According to CheckPoint, organizations need to have procedures in place that validate account details involved in large monetary transactions using a second medium (e.g., a phone call, although Deepfake audio can make even that unreliable…). Additionally, they recommend that employees go through Security Awareness Training to educate them “to the trending threat in the email space.”

Can hackers spoof an email address of your own domain?

DSTAre you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.

Try To Spoof Me!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Free Phishing Security Resource Kit

Get the latest about social engineering

Subscribe to CyberheistNews