Over the weekend, I received several cryptic e-mails from my CFO, Mark Harris, asking if I had approved the wire template for “the wire I had requested.” We were in the process of making a few wire transfers on Monday but I had already approved those and communicated that to him. He repeated the question a few times, but I still didn’t think anything of it. He asked me again in person this morning. That’s when I started to dig in.
Here’s the first e-mail Mark had received:
The attachment in that e-mail was an invoice for $52,140.60:
The suspicious sender of the e-mail [email protected] should have thrown Mark off immediately. But I send e-mails like this to Mark all the time, understandably he’d read the e-mail, load up the wire, and we’d be on our merry way.
And that’s what he did. The invoice looked like any other invoice we’d process from our vendors. Mark loaded the wire template into our banking system and luckily his instinct kicked in and he flagged it for me before I blindly approved it. Here are some other e-mails the scammer tried to pressure Mark with.
As you can see, I’m becoming quite persistent and at any point Mark could have gone in and overridden the banking platform to process the wire and rewarded the scammer. Several months ago though, Mark and I agreed that we would adhere to a specific process: he loads the wires and I approve, or vice versa. Maintaining that process and communicating is what kept the money safe.
It’s crucial to work out these types of processes, especially on the executive level. Money wiring scams like this are becoming prominent, and you never know how or when you will be attacked. Letting your guard down just one time can put you in a very costly situation. Personally, I will keep a better eye out on the approvals that I am making and I encourage you to do the same, however it may apply to your business or personal life.
5 replies on “Poor communication can cost you $52,140.60”
Well done for spotting this sophisticated social engineering attempt!
Our CFO got hit with one of these attempts recently as well. Luckily it was easily caught with a verbal confirmation. The perpetrators are getting more bold and more skilled. Wouldn’t be surprised if they are quietly stealing a fortune.
[…] potential victims might be senior officers within a company (Malwarebytes’ CFO was hit with one a few months back) or a government organization that are likely to possess sensitive information, such as login […]
[…] at a smaller group of potential victims, including senior officers within a company. In fact, Malwarebytes’ own CFO Mark Harris was hit with one a few months back. Government organizations that are likely to possess sensitive information such as login […]
I’d say you need to register domains that are close to Malwarebytes, that would have prevented that scammer owning malwerabytes and ineffect the email that was used.