And the scam attacks keep on coming, reinforcing how important it is to require proper procedures and verification for financial transactions.
In the latest one, the CFO of a company receives a series of emails from “the CEO”. Fortunately, he recognizes that they are bogus, and never replies. The scammer becomes progressively more impatient and demanding in further messages.
From: “Bob CEO” <bob.ceo@company.com>
Reply-To: “Bob CEO” <grandefromage@hotmail.com>
To: ray.cfo@company.comRay,
I need to know if you can still process out an Domestic transfer today.
Bob
Sent by iPhone
From: “Bob CEO” <bob.ceo@company.com>
Reply-To: “Bob CEO” <grandefromage@hotmail.com>
To: ray.cfo@company.comRay,
I'll need you to make a transfer of $22,500 to AAA Limo Service Inc
account below.
Bank Name: Big Name U.S. Bank
Bank Address: 2832 S. Muletta St. Amarillo, TX
Account holder Name: Molly Moulari
Account Holder Address: 1313 Money Mule Drive, Muleshoe, TX
Account Number: xxxxxxxxxx
Account Routing: xxxxxxxxxxConfirm to me once the transfer has been completed.
Bob
From: “Bob CEO” <bob.ceo@company.com>
Reply-To: “Bob CEO” <grandefromage@hotmail.com>
To: ray.cfo@company.comRay,
I have a meeting to attend right away i will not be able to sign it
that is why i want you to get it done. Record the payment on file as
the Debt the company owned AAA American Luxury Car Service Inc.
kindly email me the FED wire confirmation as soon as you complete the
payment.
Bob
Sent by iPhone
From: “Bob CEO” <bob.ceo@company.com>
Reply-To: “Bob CEO” <grandefromage@hotmail.com>
To: ray.cfo@company.comRay,
I'm waiting for the FED reference of the transfer, Can you confirm if
the transfer has been sent out?
Bob
Sent from my iPhone
[‘web bug' image to detect if the email was read]
The scam is the usual – the crook knows who the CEO and CFO are, and forges the From address to makes the messages appear as though they are originating from the CEO. He addresses the CFO by name. And, there's a Reply-To header to divert responses to a bogus email address controlled by the thief. In this case, he didn't bother to register a fake domain; he simply registered a throw-away Hotmail address.
One interesting twist is that the routing and account number actually belong to a big-name bank in the United States, not an entity unreachable by U.S. law enforcement.
However, in all probability, the name attached to that account, Molly Moulari, is an innocent American who has been duped into helping the scammers.
This is a fairly elaborate ploy in that it requires two scams to be successful before the criminals make a dime. Molly is the unknowing victim of the first one, known as the “Money Mule” scam, which began when she answered one of those “Work from Home Processing Payments” spam emails. She was “hired” and instructed to set up a legitimate bank account in her name. The crooks then ran a second scam – like the one against the CFO above – to trick someone into transferring money into Molly's account. She then does “her job”, which is to transfer the money on to the crooks, minus her commission. By using the money mule, the crooks hope to avoid the suspicion that a foreign bank might raise. Meanwhile, Molly will be left to twist in the wind when the FBI comes knocking at her door.
Multi-part scams are becoming more prevalent. An organization’s best line of defense is a vigilant employee base and good procedures. Most of all, everyone should be aware that they should never, ever perform any financial transaction merely on the basis of unauthenticated email – especially if the email has a return address that isn't the company's domain.
For more information on this topic, check out these articles:
- Would you have fallen for this phishing attack?
- Latest secure message scam targets Bank of America Merrill Lynch customers
- Is your email communication secure?
- Phishing attacks are on the rise. Are you protected?
- Protect your company from spear phishing with proper procedures
- Spammers take advantage of Robin Williams tragedy
For information on Barracuda email security solutions, take a look at our Barracuda Email Security Service and the Barracuda Spam Firewall.