Would you have fallen for this phishing attack?

An interesting spear-phishing attempt was observed last week. The Company Controller received the following email:

From: Ray CEO <[email protected]>
Subject: Fwd: Wiring Instructions
To: Bob Controller <[email protected]>

Process a wire for $221,335.46 to the attached instructions, charge to admin expenses. Send me the wire confirmation once completed.

———— Forwarded message ————
From: Phil COO <[email protected]>
Date: Apr 15, 2014
Subject: Wiring instructions
To: [email protected]

Per our conversation, attached is the wiring instructions. Forward wire confirmation when you have it.



These are the real names and email addresses of the company's CEO and COO. Well… not quite. Among other things, we changed the domain name to protect the identity of the targeted company, but it’s still similar enough for you to see how “Ray” worked his scam. Check out the alleged email address of the company head – note the extra “i” in “exampledomaiin.com”. In some fonts, those characters are very close together, which can make the altered spelling easy to miss.

The PDF file attached to the email contained the name of a Chinese lighting company, a Hong Kong bank, SWIFT code, and account number. The Chinese company name is legit, but the account number … probably not.

Bob replied, with appropriate deference to the CEO of the company, questioning the large out-of-procedures expenditure and how it would affect the company's balance sheet for the quarter. “Ray” sent him a curt response.

From: Ray CEO <[email protected]>
Subject: Fwd: Wiring Instructions
To: Bob Controller <[email protected]>

Will give you more info on this later. You can have it booked differently for the financial impact to be spread. I will request for the wire confirmation when I need it.

Fortunately, Bob caught on before actually wiring the money. After some back and forth about confirmation of the wire transfer, including an “it's on the way” message, Bob sent “Ray” an email with a large image that he felt appropriately communicated his opinion of the scam.

If the thief hadn't been quite so greedy, though, he might have gotten away with it. A smaller, but still significant amount of money might not have triggered alarms in Bob’s mind.

This is an example of a very targeted email phishing attack. The scammer did his homework; he knew the names and email addresses of the CEO, COO and Controller. He also seems to have known something about general business accounting, asking Bob to book the expenditure under “admin expenses.” Then, to mask his identity, he registered a domain that differed from the target company’s domain by only one character.
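The lookalike domain is the one detectable artifact in this scam: the sender's domain is one character away from the real one. The following is an added example, not code from the original post, showing how a mail-filtering rule could flag such a sender. It assumes the legitimate company domain is exampledomain.com and the scammer's is exampledomaiin.com (the post redacts the real addresses), and the sample messages are constructed from the text above. The check generalizes beyond an extra letter: edit distance also catches a dropped or substituted character.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed legitimate domain (the post only shows the redacted, lookalike form).
LEGIT_DOMAIN = "exampledomain.com"

# Constructed sample messages modelled on the emails quoted in the post.
SAMPLE_SCAM = """\
From: Ray CEO <ray@exampledomaiin.com>
Subject: Fwd: Wiring Instructions
To: Bob Controller <bob@exampledomain.com>

Process a wire for $221,335.46 to the attached instructions, charge to admin expenses.
"""

SAMPLE_LEGIT = """\
From: Phil COO <phil@exampledomain.com>
Subject: Wiring instructions
To: bob@exampledomain.com

Per our conversation, attached is the wiring instructions.
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance: minimum single-character insertions, deletions or
    substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def sender_domain(raw_message: str) -> str:
    """Domain part of the From: header, lower-cased."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def classify_sender(raw_message: str, legit: str = LEGIT_DOMAIN,
                    max_distance: int = 2) -> str:
    """'internal' if the sender is on our domain, 'lookalike' if the domain is
    within max_distance edits of ours but not equal, else 'external'."""
    domain = sender_domain(raw_message)
    if domain == legit:
        return "internal"
    if 0 < levenshtein(domain, legit) <= max_distance:
        return "lookalike"
    return "external"


def wire_fraud_indicators(raw_message: str, legit: str = LEGIT_DOMAIN) -> list:
    """Cheap indicators a review queue could key on; each is a label string."""
    msg = message_from_string(raw_message)
    found = []
    if classify_sender(raw_message, legit) == "lookalike":
        found.append("lookalike-sender-domain")
    if msg.get("Subject", "").lower().startswith(("fwd:", "fw:")):
        found.append("forwarded-subject")
    body = msg.get_payload()
    # A wire request that names a dollar amount, as in the sample.
    if re.search(r"\bwire\b", body, re.I) and re.search(r"\$\s?\d", body):
        found.append("wire-request-with-amount")
    return found


if __name__ == "__main__":
    for label, sample in (("scam", SAMPLE_SCAM), ("legit", SAMPLE_LEGIT)):
        print(label, classify_sender(sample), wire_fraud_indicators(sample))
```

A distance threshold of 2 is enough for an added, dropped or swapped letter and for the common "rn" for "m" substitution; anything flagged as a lookalike that also carries a wire request is what a reviewer would want routed to a human before the Controller ever acts on it.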

Quality email scanning software can prevent millions of phishing attacks from ever reaching your inbox, but none are foolproof. Carefully crafted scams like this reinforce the importance of remaining vigilant and informed, and of having procedures in place to ensure that transfers of money and company confidential information are properly authorized. It’s a weak practice to rely solely on email as authorization, even if it appears to come from the company’s CEO.
