Targeted financial fraud

We were recently alerted to an example of an attempted highly-targeted financial fraud. Now, we see fraudulent emails all the time, but fortunately most are immediately apparent to the recipients. In this case, however, the attacker had done their homework. The initial email used a forged From address in order to appear to be from the head of department; the recipient was a member of the department’s financial team (names have been changed):

From: Professor George Challenger [mailto:george.challenger@dept.ox.ac.uk]
To: Edward Malone
Subject: Request

Hello Edward,

I will need you to do a wire transfer as soon as possible.Please,get back to me via email for the beneficiary details.

Thanks.

Professor George Challenger.

The recipient of the mail initially considered this plausible and sent a reply, failing to notice that the original email had a Reply-to address set to go to a Gmail account with no obvious connection to the head of department. They received the reply shown below, but thankfully became suspicious and consulted a member of IT staff:

From: Professor George Challenger [mailto:george.challenger@dept.ox.ac.uk]
To: Edward Malone
Subject: RE: Request

Hello Edward,

Though, the invoice not yet received from the solicitor. I will send you the invoice as soon as possible.

kindly process a Wire Transfer to the below banking details.

Bank Name: HSBC bank
Account Name : MR DAVID AGNEW
Account Number : 98765432
SORT CODE: 123456
Amount : 9,236.83 GBP

Kindly Make the transfer same day transaction and send me the bank confirmation copy for payment references via email.

Thanks.

Professor George Challenger.

Remember, it’s all too easy to impersonate someone by email. Be especially wary of anything involving money, passwords or personal details, or that seems a little out of the ordinary. Contact the person in question by other means. Get a second opinion as to whether the email seems genuine. A little scepticism can avoid an expensive and embarrassing mistake.

Posted in Current Threats, Email, General Security | Comments Off on Targeted financial fraud

Comments are closed.