What a Real-Life Spear Phishing Campaign Looks Like

spear-phishingMost people would like to believe when it comes to a phishing attack, that they won’t be fooled.  After all, an email that comes in supposedly from FedEx with a link to track a package shouldn’t fool someone who isn’t expecting a package from FedEx. Spear phishing attacks are a little different, in that they are targeted to a specific person, supposedly from someone you trust.  For example, you may receive an email supposedly from your CEO asking you wire five thousand dollars to this number right away.  Seems legit, right?
Recently, Barbara Corcoran was a victim of a successful spear phishing campaign, that saw the real estate mogul and Shark Tank star robbed of over $380,000. Here’s how the scam worked. The scammers used an email address that looked like it belonged to Corcoran’s assistant, but was misspelled by one letter. In the email, a fake invoice from FFH Concept GmbH—a legitimate German company—for $388,700.11 for real estate renovations, was sent to Corcoran’s bookkeeper.  It didn’t raise any red flags because Corcoran invests in real estate. So, the bookkeeper wired the money to the account listed in the email. Could you be fooled by this type of email?  The above scenario likely happens in businesses around the world many times over.  In many cases, people are legitimately asked to wire money for business deals.  How can you prepare yourself, so that this type of scam doesn’t happen to you? One tip to avoiding this type of fraud is to check the headers to see where the email came from.  Did it really come from the CEO (or assistant)?  If checking the headers isn’t enough to verify the email, you can always call the sender and ask.  Remember, if a request seems strange and unusual, it’s always better to ask first. No one will fault you for trying to save the company money. Think your employees can spot a spear phishing attack a mile away?  Contact Uzado about our phishing awareness training and find out where the gaps may be in your organization.

Leave a Comment

Your email address will not be published. Required fields are marked *