Having some Phun With Phishers - CEO Fraud Blow-By-Blow



CEO Fraud EmailFor the last 9 years I have been a board member of the public/private  Clearwater Downtown Partnership.  And as many public organizations, all the board member information is freely available through the website. 

So, some half-smart phishing scammer sent me a CEO fraud email, demanding I send money urgently to a bank account. It was clear as daylight checking the headers that it was a fraud. I decided to see how long we could keep that going, here is the whole email exchange blow-by-blow:

Stu ,

How are you doing! Please I want you to make transfer payment of $5,250 on behalf of the association today, i will like to know available balance on our account i need you to handle this right away, while i send you the beneficiary bank info.

 

Regards.
Grant Wood
Sent from my iPad

Well, that sounds like fun! My answer:

Sure!  Where do you need it sent?
Stu
Sent from my iPad

So he sends me back detailed bank instructions, pretty much right away:

Stu ,

 

Below is the bank details required for the outgoing wire transfer in the amount of $5,250.

 

Bank Name: Greendot Bank Account

Name: Ricky Duran

Account No: 20121005075110

Routing No : 124303120

Bank Address: 3330 Southwest 17th Street Oklahoma City, OK 73108

 

Have this remitted, send me confirmation when completed and keep the original copy for your reference. Regards.

Grant Wood

Sent from my iPad

Next, I ask this:

 

Hey Grant,
What is this for please? I need to book this under the right account
Stu 

 

Mr. Nigerian Bad Guy comes back with:


Stu,

It is for Supply Service to CDP. Book it as (Supply Service)

Regards.
Grant Wood
Sent from my iPad

 

So, we decide the throw him for a loop and see what he does:

I'm sorry Grant, I lost the password to the Bank Account!
:-(
Stu 

He's showing some creative problem solving here! Check this out:

Stu ,

You can as well get this done in the bank. We need to sort this out today.

Regards.
Grant Wood
Sent from my iPad

 

So now I decide to see what happens when we try to stall a bit further. Check it out, he now resorts to thinly veiled threats !  (all typos and grammar are his) 

Stu ,

Nevermind, I will have to table this matter before the board. How can we pend something that needs urgent attantion here because you forgot the code and super busy.

Regards.
Grant Wood
Sent from my iPad

Wow, now I'm getting scared! 

I'm very sorry Grant.

How can I make up?

Stu

Grant shows his generous side: :-)

Stu,

You just need to complete this today.

Grant.
Sent from my iPad

Next I'm getting interested in de bank details:

OK. Just.. Who is this Ricky Duran?
Stu

Uh-Oh, The stick comes out again !

Stu ,

He is the vendor (Supplier). Are you doubting me?

Regards.
Grant Wood
Sent from my iPad

I'm being contrite and try to be my best self...

No, no, absolutely not. But it's my responsibility to keep the books in order.
Where are you today?
Stu

Mr Bad Guy knows how to use Google Maps apparently. This is 200 Miles north from us. His English is deteriorating.

Stu,

In Olustee for a meeting. Kindly, send me the cofirmation slip when you are done with the transfer.

Regards.
Grant Wood
Sent from my iPad

I know, curiosity is a bad habit but I cannot help myself and ask after an hour of more stalling:

Sorry ! I was in a meeting !

Oh, by the way, what are you doing in Olustee?

Stu

He's stern with me now, trying to assert the fact he's the Chairman of our group:

Stu ,

I am in a business meeting.

Regards.
Grant Wood
Sent from my iPad

I decide to stay quiet for a while and see if he comes back, I do have a job to do. But sure enough...

Stu ,

I am still waiting to hear from you.

Regards.
Grant Wood
Sent from my iPad

Now I am on my knees begging for forgiveness!  :-)))

Grant, I am very, very sorry and I do not want to cause a bad impression for the board.
But I have been in urgent meetings all afternoon. Is it really urgent?

Stu

OK, I see that this can't wait any longer after I get the next answer. I will just have to transfer the money now. LOL

Stu,

This is extremely urgent.

Regards.
Grant Wood
Sent from my iPad

This thing has gone on during the whole day, and I decide to clarify who I am.

"Grant",

You omitted to do a bit of research. Check out what I do for a living...

You have been reported to the FBI and that bank account will be shut down soon. Get a life.

 

Stu

Answer from Mr Bad guy:

...crickets...

 


Since CEO Fraud has been skyrocketing the last 12 months, causing at least a whopping 1 Billion dollars in damage, it's a must stepping your users through effective security awareness training which includes frequent simulated attacks.

For instance, KnowBe4's integrated training and phishing platform allows you to send fully simulated CEO Fraud emails so you can see which users answer the emails and/or click on links in them or open infected attachments.

See it for yourself and get a live, one-on-one demo.

Request A Demo

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/kmsat-request-a-demo


 


Topics: CEO Fraud



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews