Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

CEO targeted by fraud twice a month

Maria Korolov | April 20, 2016
Every couple of weeks or so, Tom Kemp's company gets hit by ever-more-sophisticated attempts to trick them out of large sums of money

Every couple of weeks or so, Tom Kemp's company gets hit by ever-more-sophisticated attempts to trick them out of large sums of money.

It started two years ago, before business email compromise -- also known as CEO fraud -- became as widely-known as it is today.

The email came in addressed directly to the company's controller, asking for a wire transfer of more than $350,000. The email seemed to come from the CFO and was part of a longer chain of emails between the CFO and the CEO discussing the transfer.

"If you looked at the email thread, it looked legitimate," said Kemp, CEO at security firm Centrify. "And there was a real bank account and a real company name associated with it."

The return address looked like that of the actual CFO, as well.

And when the controller emailed back, the response was professional and immediate.

"They had researched our organization, figured out who our controller was, got her email address, created this email chain between the CFO and myself, created this fake domain, and carried on ongoing communications," Kemp said. "I thought this was very sophisticated."

Centrify did have additional checks-and-balances in place, Kemp said, with some paperwork required. But what really stopped the fraud right in its tracks was the fact that he was late to work that morning.

Kemp sits near the accounting office, and when he walked past that morning, his employees told him that they were working on the wire transfer he requested.

"And I said, 'What are you talking about? I didn't request a wire transfer.' At first, I thought it was just us being targeted," he said. "We had just raised a round of financing and thought that someone was doing this to embarrass us."

But looking into the situation, it turned out that the return address on the email came from a look-alike domain address that had only been registered that morning. At the same time, fraudsters registered similar spoofed domains for 60 other companies.

Since them, Kemp said, attackers have also tried going after his father's company, a 50-employee leasing firm in Michigan, where they tried to get around $35,000.

"It's happening for all-sized organizations," he said.

He also said that he's seen some evolution in tactics. Instead of asking for wire transfers, for example, some fraudsters are asking for sensitive company documents, such as employees W-2 forms. Others are sending emails to all of a particular vendor's customers asking them to update billing details.

"When it comes time to pay the bill, they're now wiring their money to the bad guys," Kemp said. "The entire month's worth of payments has now been completely stolen and vectored to the crooks."


1  2  Next Page 

Sign up for Computerworld eNewsletters.