Business Email Compromise Attack Uses a “Man-in-the-Middle” Email Attack to Steal $1M



Dubbed the “ultimate” Man-in-the-Middle attack by security researchers at Check Point, this CEO fraud attack shows how brazen cybercriminals can be – and how cautious organizations need to be when money is involved.

Picture a tech startup and a foreign VC company ready to invest $1M in seed funding. Post negotiations, all that’s left to do is sign some papers and wire the funds. But what if a bad guy compromised and monitored the email system, then set up bogus domains representing each party, and played both sides of the transaction so that the investment funds were wired to a fraudulent account?

That’s exactly what happened to an Israeli startup last month. Using lookalike domains and intimate knowledge of the communications and the pending transaction, the attacker was able to hijack the email thread. For each email sent to the other party, the hacker captured the email, deleted it from the corporate email system, and sent the reply from their own lookalike domain instead. This was done for all communications in both directions. In essence, the hacker was playing both sides like a fiddle.

The hacker not only convinced the VC to change bank accounts before the money was transferred, but also cancelled meetings (using different excuses for each side), and even asked the VC for a second round of funding!
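The thread hijack described above works because a lookalike domain (a swapped character, a different TLD, or the real name embedded in a longer domain) passes a quick glance. The script below is an added example, not code from the original post or from Check Point: it audits a constructed email thread against an allowlist of counterparty domains and flags any sender whose domain is only a near miss. The domain names, the thread and the edit-distance threshold are all assumptions for illustration.

```python
"""Flag lookalike sender domains in an email thread (illustrative, added example)."""

# Constructed allowlist: the two real counterparties in a transaction.
TRUSTED_DOMAINS = {"example-startup.com", "example-vc.com"}

# Common single-character substitutions seen in lookalike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "|": "l"})


def normalize(domain):
    """Fold homoglyph tricks so 'examp1e' and 'exarnple' compare equal to 'example'."""
    d = domain.lower().strip().rstrip(".")
    d = d.translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")


def registrable(domain):
    """Naive registrable domain: last two labels (use a public-suffix list in production)."""
    parts = domain.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain


def levenshtein(a, b):
    """Plain edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unknown' for the domain of an email address."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    trusted_regs = {registrable(t.lower()) for t in trusted}

    # Exact match on the raw domain first (subdomains of a trusted domain are fine).
    if registrable(domain) in trusted_regs:
        return "trusted"

    norm = normalize(domain)
    reg = registrable(norm)
    for t_reg in trusted_regs:
        t_norm = normalize(t_reg)
        if reg == t_norm:
            return "lookalike"  # homoglyph: examp1e-vc.com, exarnple-vc.com
        if t_norm.split(".")[0] in norm:
            return "lookalike"  # real name embedded: example-vc-partners.com, example-vc.com.evil.net
        if levenshtein(reg, t_norm) <= 2:  # assumed threshold; tune per domain length
            return "lookalike"  # TLD swap or dropped hyphen: example-vc.co, examplevc.com
    return "unknown"


def audit_thread(messages, trusted=TRUSTED_DOMAINS):
    """Return (index, sender, verdict) for every message not sent from a trusted domain."""
    findings = []
    for i, msg in enumerate(messages):
        verdict = classify_sender(msg["from"], trusted)
        if verdict != "trusted":
            findings.append((i, msg["from"], verdict))
    return findings


# Constructed thread: two genuine messages, then two replies from lookalike domains.
SAMPLE_THREAD = [
    {"from": "cfo@example-startup.com", "subject": "Re: Seed round - wiring instructions"},
    {"from": "partner@example-vc.com", "subject": "Re: Seed round - wiring instructions"},
    {"from": "partner@examp1e-vc.com", "subject": "Re: Seed round - wiring instructions"},
    {"from": "cfo@example-startup.co", "subject": "Re: Seed round - wiring instructions"},
]

if __name__ == "__main__":
    for idx, sender, verdict in audit_thread(SAMPLE_THREAD):
        print(f"message {idx}: {sender} -> {verdict}")
```

A check like this belongs at the mail gateway or in the mailbox rules that govern payment threads, and it only covers the lookalike half of the attack; the deleted originals would still need to be caught through mailbox audit logging, and the changed bank account through the out-of-band verification Check Point recommends below.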

According to Check Point, organizations need to have procedures in place that validate account details involved in large monetary transactions using a second medium (e.g., a phone call, although deepfake audio can make even that unreliable…). Additionally, they recommend that employees go through Security Awareness Training to educate them “to the trending threat in the email space.”


Can hackers spoof an email address of your own domain?

Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against unless your users are highly security-awareness trained.

Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.

Try To Spoof Me!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/domain-spoof-test/
