Shark Tank judge Barbara Corcoran has recovered almost $400,000 after falling victim to a spear phishing scam. Last week, her bookkeeper was tricked into wiring $388,700 after receiving an email that appeared to come from Corcoran’s assistant requesting payment for a renovation project.
The email sent to her bookkeeper was convincing and appeared to be a routine email. It was only after close inspection of the message that the minor difference of a single letter in the sender’s email address was noticed – proving that the email was a scam targeting the well-known businesswoman.
Attackers can easily craft emails that appear to be genuine, and purchasing an Internet domain that is very similar to one legitimately used by a business gives them an edge. It helps their malicious emails appear to be legitimate – if the recipient is unaware of what to look for.
This can happen to anyone. In fact, Corcoran admitted that she would have fallen for the attack as well. “When she showed me the emails that went back and forth with the false address, I realized immediately it’s something I would have fallen for if I had seen the emails,” Corcoran said.
Thankfully, the bank used by the bookkeeper to wire the payment was able to freeze the transfer before it was deposited into the attacker’s account. Corcoran said her bank asked to freeze the transaction so her team could prove that it was fraudulent.
Everyone is vulnerable to phishing attacks
We’ve all seen phishing emails that are designed to be sent to thousands of people, asking for payments, account credentials, and other pieces of personal information. The type of phishing attack, known as spear phishing, used against Corcoran and her team was a bit more sophisticated.
Spear phishing attacks target individuals with personalized emails containing their name, phone number, or other details in an attempt to trick the recipient into believing they have a connection with the sender. The false sense of familiarity causes victims to openly share their information without the suspicion that a scam is taking place.
Prevent risk by educating your staff
Many businesses use mail filtering solutions that are able to identify and block malicious messages, including phishing attacks, but it’s critical to exercise caution and use good judgment to avoid becoming a victim.
Your staff has a major advantage over firewalls, mail filters, and other security measures designed to keep your business safe: critical thinking. Machines make decisions based on rules; individuals can objectively evaluate situations and take the proper actions to avoid online threats.
Regular training gives your business a layer of protection from attacks that slip past systems, and gives your staff the insight needed to keep your proprietary information, money, and other assets safe.
Our training department has developed a Security Best Practices training designed to keep users informed on how to best protect themselves and your business. In the training, we review online risks, password best practices, social engineering, examples of phishing emails, malware, and much more.
Is your staff prepared to identify potential risks and avoid falling victim to existing and future phishing attacks? Contact our sales team to learn how Valiant’s training services can protect your business – and how our managed IT services can help it grow.