Two-Month Email Compromise and Impersonation Attack Results in a $15M Take

Stu Sjouwerman | Oct 14, 2020

Read how one unnamed company fell victim to a scam that has been repeated many times over the last few years, but never with such a massive payoff at the end.

Recently, news of a U.S. company falling victim to a business email compromise scam has spread like wildfire. While the company is not named, the story paints a picture of both how easily cybercriminals obtain credentials and how painful the final outcome can be.

In this case, a simple phishing scam turned into $15 million for one cybercriminal.

Here’s how it went down:

  • Step 1: Compromise email accounts – Senior executives were targeted. With no sign of malware on corporate endpoints, investigators concluded that access was gained by tricking the executives into handing over the cloud credentials that protect corporate email.
  • Step 2: Impersonate the parties involved – Using lookalike domains of their own, hosted in Office 365, the attackers created mailboxes that let them correspond with the parties on either side of a pending financial transaction.
  • Step 3: Set up mail forwarding – Rules in the compromised mailboxes routed any message about the transaction the attackers intended to take over to the attackers.
  • Step 4: Take over the conversation – Once a transaction-related email was identified, the attackers inserted themselves and had the bank details changed.
  • Step 5: Cover their tracks – To keep the defrauded company in the dark about the fraudulent transaction, the attackers added further mailbox rules that diverted the genuine correspondence into an obscure folder.
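Added example, not code from the original post or from the case it describes: the mailbox changes in Steps 2, 3 and 5 (lookalike domains, forwarding, and rules that hide mail) leave a trail in the Exchange Online audit log. The Python below scores Office 365 Unified Audit Log records for inbox-rule and mailbox-forwarding changes and flags the ones an analyst should review. The log lines, the owned domain example.com, the keyword list and the scoring weights are all constructed for the example; the field names follow the Unified Audit Log AuditData shape, and multi-valued rule parameters are assumed to arrive as one semicolon-separated string.

```python
import json
from difflib import SequenceMatcher

# Domains the organisation legitimately owns (assumption for this example).
TRUSTED_DOMAINS = {"example.com"}
# Words an attacker filters on to catch transaction-related mail (assumption).
FINANCIAL_KEYWORDS = ("invoice", "wire", "payment", "bank", "transfer", "closing")
# Audit operations that create or change mail routing, and the parameters
# that send a copy elsewhere or keep the victim from seeing the message.
ROUTING_OPERATIONS = ("New-InboxRule", "Set-InboxRule", "Set-Mailbox")
FORWARDING_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                     "ForwardingSmtpAddress", "ForwardingAddress")
HIDING_PARAMS = ("MoveToFolder", "DeleteMessage", "MarkAsRead")

# Constructed sample lines in the shape of Unified Audit Log AuditData JSON,
# trimmed to the fields used here. Record 1 is a benign rule; 2 to 4 are the
# kind of changes seen in the attack above.
SAMPLE_AUDIT_LINES = [
    '{"CreationTime":"2020-08-03T09:12:41","Operation":"New-InboxRule","Workload":"Exchange",'
    '"UserId":"alice@example.com","Parameters":[{"Name":"Name","Value":"Newsletters"},'
    '{"Name":"SubjectContainsWords","Value":"newsletter"},{"Name":"MoveToFolder","Value":"Newsletters"}]}',
    '{"CreationTime":"2020-08-04T02:17:05","Operation":"New-InboxRule","Workload":"Exchange",'
    '"UserId":"cfo@example.com","Parameters":[{"Name":"Name","Value":"."},'
    '{"Name":"SubjectOrBodyContainsWords","Value":"wire;invoice;bank details"},'
    '{"Name":"ForwardTo","Value":"cfo@examp1e.com"},{"Name":"DeleteMessage","Value":"True"}]}',
    '{"CreationTime":"2020-08-04T02:19:33","Operation":"Set-InboxRule","Workload":"Exchange",'
    '"UserId":"cfo@example.com","Parameters":[{"Name":"Identity","Value":"."},'
    '{"Name":"FromAddressContainsWords","Value":"closing;escrow"},'
    '{"Name":"MoveToFolder","Value":"RSS Subscriptions"},{"Name":"MarkAsRead","Value":"True"}]}',
    '{"CreationTime":"2020-08-05T23:41:10","Operation":"Set-Mailbox","Workload":"Exchange",'
    '"UserId":"cfo@example.com","Parameters":[{"Name":"Identity","Value":"cfo@example.com"},'
    '{"Name":"ForwardingSmtpAddress","Value":"smtp:finance.archive@outlook.com"},'
    '{"Name":"DeliverToMailboxAndForward","Value":"True"}]}',
]


def normalize_domain(domain):
    """Collapse common homoglyph swaps so lookalike domains compare equal."""
    d = domain.lower()
    for bad, good in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")):
        d = d.replace(bad, good)
    return d


def is_lookalike(domain, trusted=TRUSTED_DOMAINS, threshold=0.85):
    """True if domain is not one we own but closely resembles one we own."""
    domain = domain.lower()
    if domain in trusted:
        return False
    norm = normalize_domain(domain)
    return any(norm == normalize_domain(t)
               or SequenceMatcher(None, norm, normalize_domain(t)).ratio() >= threshold
               for t in trusted)


def analyze_routing_change(record):
    """Score one audit record; returns (score, list of findings)."""
    params = {p["Name"]: str(p.get("Value", "")) for p in record.get("Parameters", [])}
    score, findings = 0, []
    # Forwarding outside the organisation is the core of the attack.
    for name in FORWARDING_PARAMS:
        target = params.get(name, "")
        if target.lower().startswith("smtp:"):
            target = target[5:]
        if "@" not in target:
            continue
        domain = target.rsplit("@", 1)[1].lower()
        if domain not in TRUSTED_DOMAINS:
            score += 3
            note = f"{name} sends mail to external address {target}"
            if is_lookalike(domain):
                score += 2
                note += " (look-alike of a trusted domain)"
            findings.append(note)
    # Conditions that single out transaction-related mail.
    conditions = " ".join(v for k, v in params.items() if k.endswith("ContainsWords")).lower()
    hits = [kw for kw in FINANCIAL_KEYWORDS if kw in conditions]
    if hits:
        score += 2
        findings.append("filters on financial keywords: " + ", ".join(hits))
    # Actions that keep the victim from noticing the matching mail.
    hides = [f"{k}={params[k]}" for k in HIDING_PARAMS if params.get(k, "false").lower() != "false"]
    if hides:
        score += 2
        findings.append("hides matching mail: " + ", ".join(hides))
    # Attackers tend to give rules blank or punctuation-only names.
    if "Name" in params and not params["Name"].strip(" .,-_"):
        score += 1
        findings.append(f"rule name {params['Name']!r} is empty or punctuation only")
    return score, findings


def triage(lines, threshold=3):
    """Parse audit log lines and return the routing changes worth an analyst's time."""
    flagged = []
    for line in lines:
        record = json.loads(line)
        if record.get("Operation") not in ROUTING_OPERATIONS:
            continue
        score, findings = analyze_routing_change(record)
        if score >= threshold:
            flagged.append({"time": record.get("CreationTime"), "user": record.get("UserId"),
                            "operation": record["Operation"], "score": score, "findings": findings})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_AUDIT_LINES):
        print(f"{hit['time']} {hit['user']} {hit['operation']} score={hit['score']}")
        for finding in hit["findings"]:
            print("   -", finding)
```

In practice the input is an export of the audit log (for example from Search-UnifiedAuditLog) rather than the embedded sample, and a hit is a reason to pull the rule, reset the credential and look for lookalike domains registered against the organisation, not proof of fraud on its own. Any external forward scores enough to be reviewed; the weights only order the queue.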

These actions resulted in the victim company being taken for $15M with no recourse.

This could be your organization. And everything done in the attack above could realistically be done by a single individual. It doesn’t take much to accomplish all this, if you know what you’re doing.

The biggest red flag should have been at Step 1 – rarely (if ever) does a user who is already signed in need to enter their credentials again. Users fall for this all the time – and they shouldn't. A little new-school security awareness training can make the difference, giving users the knowledge of what phishing scams look like and why they need to work with a heightened sense of vigilance. All this adds up to a smaller threat surface and a lower likelihood that someone will take the bait that may be the beginning of a very costly attack.

Topics: Email Security
