In 2018, Appert decided to sell the house and got in touch with an Australian law firm, KF Solicitors, on July 1st. On July 18th, she received an email that read, “The sellers [sic] authority just needs to be emailed back to us and not posted.” She emailed her bank details to the company in a PDF.
Over the next month, Appert and her son worked with KF Solicitors to have the money transferred to Appert’s account. However, the money kept bouncing back. On August 10th, Appert received an email that purported to confirm the wire transfer but listed the wrong bank account number.
KF Solicitors said they never sent this confirmation, and that they had already transferred the money to an account owned by a company called Kristal Contractors LLC. Appert contacted US law enforcement on August 11th, and on August 14th, Appert’s bank confirmed that the attackers had stolen her money on August 6th. KF Solicitors tried to freeze the transfer, but it was too late.
“There aren’t a lot of details about this case beyond what Appert relates,” writes Vaas. “But more than anything, it sounds like business email compromise (BEC, also known as CEO Fraud): a crime that’s a bit like phishing but without the fake website. Fraudsters contact employees, generally at small companies, often through spoofed email addresses but also by phone, and then impersonate trustworthy business contacts, be they suppliers or customers. In this case, the ‘corporate account’ with Kristal Contractors LLC was likely the purportedly trustworthy business party.”
BEC scams are increasingly popular among criminals, and organizations need to ensure that they’ve implemented proper authentication protocols for money transfers. New-school security awareness training can also help employees watch for this type of behavior and avoid falling for social engineering tricks.
Naked Security has the story: https://nakedsecurity.sophos.com/2019/01/17/email-crooks-swindle-woman-out-of-150k-from-home-sale/
CEO fraud has ruined the careers of many executives and loyal employees. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack, and what to do if you become a victim.
PS: Don't like to click on redirected buttons? Copy and paste this link in your browser:
https://info.knowbe4.com/ceo-fraud-prevention-manual