Advanced Phishing Scam Targets CEOs, CFOs for Phony Cash Transfers

NEWS ANALYSIS: Social engineering is a major factor in the success of a sophisticated new fraud that's already resulted in the theft of millions from U.S. corporations.

The email that Michael Becce shared with me certainly looked real. In the message, he appeared to ask the CFO of the corporation he runs to send a large, but not unusually large, wire transfer to a bank.

"I need you to do a wire of 28,500USD to the attached account. Kindly let me know as soon as transfer is done and send me a transfer confirmation in reply," the email said, and concluded, "Awaiting your reply." Attached to the email was a wire transfer form with an account at a Chinese bank.

Becce, who is CEO of MRB Public Relations, said that the payment might have gone through but for a couple of reasons. Notably, the CFO in his company is also his wife, who knew that he would have said something about such a transfer rather than simply using an email. In addition, the signature block used the company's previous address, not the current one.

Other companies haven't been so lucky. Bonnier Corporation, publisher of a number of lifestyle publications including Popular Science, Scuba Diving and Flying, also received such an email, but in this case the amount was much larger.

There, the amount was two payments of $1.5 million, to be sent to a bank in China. An executive in the company's accounting department sent off the first payment and then decided to ask the CEO if he'd really authorized it.

As it happens, then-CEO Dave Freygang did not authorize the payment and didn't send the email. The accounting department staff was able to recall the second wire transfer before it got to the destination. Freygang, who has since left the position as CEO, told the New York Post that the Chinese banking regulators have not been willing to cooperate in retrieving the money.

Bonnier spokesperson Perri Dorset said that she was unable to comment beyond the story that appeared in the Post, telling eWEEK that the company had been asked by the FBI, which is investigating the fraud, not to make any additional statements.

Shortly after the Bonnier fraud took place, the U.S. government issued a warning. According to a notice from the Financial Services Information Sharing and Analysis Center, working with the FBI and U.S. Secret Service, this kind of business email compromise (BEC) is making a sudden jump in popularity.

"BEC is a type of payment fraud that involves the compromise of legitimate business email accounts for the purpose of conducting an unauthorized wire transfer," the government's statement says.

The way it works is that the accounting or finance department of a corporation receives an email from someone who appears to be the company's CEO, directing payment by wire transfer to a bank account. The email usually says that the need is urgent and highly confidential, and it directs immediate payment without further authorization. Normally, the email appears to come from the CEO's company address.

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...