Many of us know someone who has been the victim of a scam or fraud. Very recently, a couple of our clients ran across a rather sophisticated form of social engineering that has been making the rounds. It goes by many names: CEO fraud, spear phishing, man-in-the-email (MITE), and Business Email Compromise (BEC). Whatever you choose to call it, the threat is real. In fact, network technology company Ubiquiti Networks just disclosed that it was defrauded of $46.7 million through this technique!
The gist of the attack is this:
Fortunately, in both cases our clients became suspicious and contacted us immediately. Using Microsoft Office 365's mail flow rules, we were able to take swift action and silently block the fake domain from sending any further messages to their company. A simple WHOIS lookup on the scammer's domain name also yielded the registrar. Most registrars publish an abuse email address or phone number that can be contacted to take action on phony domains such as these.
In one case, the scammer even tried again with a different phony domain once the first line of communication went dead.
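The two response steps described above, as an added example and not code from the original post: a quick look-alike check on the sender domain, a WHOIS query to find the registrar and its abuse contact, and an Exchange Online mail flow rule that silently deletes anything from the phony domain. It assumes an existing Exchange Online PowerShell session (Connect-ExchangeOnline from the ExchangeOnlineManagement module); the domain names and the rule name are hypothetical, and the WHOIS function needs outbound network access to TCP port 43.

```powershell
# Added example (not from the original post). Assumes Connect-ExchangeOnline has
# already been run. All domain names below are hypothetical.
$legitDomain = 'example.com'    # the client's real domain (hypothetical)
$phonyDomain = 'examp1e.com'    # the look-alike domain the scammer registered (hypothetical)

# Levenshtein distance between two strings. A look-alike domain usually sits one
# or two edits away from the real one (examp1e.com vs example.com), which is a
# cheap signal to surface before anyone acts on an urgent "wire this" request.
function Get-EditDistance {
    param([string]$a, [string]$b)
    $d = [int[,]]::new($a.Length + 1, $b.Length + 1)
    for ($i = 0; $i -le $a.Length; $i++) { $d[$i, 0] = $i }
    for ($j = 0; $j -le $b.Length; $j++) { $d[0, $j] = $j }
    for ($i = 1; $i -le $a.Length; $i++) {
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $del = $d[($i - 1), $j] + 1
            $ins = $d[$i, ($j - 1)] + 1
            $sub = $d[($i - 1), ($j - 1)] + $cost
            $d[$i, $j] = [Math]::Min([Math]::Min($del, $ins), $sub)
        }
    }
    return $d[$a.Length, $b.Length]
}

# Plain WHOIS over TCP port 43 (RFC 3912). The default server is the .com/.net
# registry; pick the registry for the TLD you are looking up.
function Get-WhoisRecord {
    param([string]$Domain, [string]$Server = 'whois.verisign-grs.com')
    $client = New-Object System.Net.Sockets.TcpClient($Server, 43)
    try {
        $stream = $client.GetStream()
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.WriteLine($Domain)
        $writer.Flush()
        $reader = New-Object System.IO.StreamReader($stream)
        return $reader.ReadToEnd()
    } finally {
        $client.Close()
    }
}

$distance = Get-EditDistance $legitDomain $phonyDomain
Write-Host "Edit distance between $legitDomain and $phonyDomain is $distance"

# Pull out the registrar and abuse-contact lines; that is who you report the domain to.
(Get-WhoisRecord -Domain $phonyDomain) -split "`r?`n" |
    Where-Object { $_ -match 'Registrar|Abuse' }

# Mail flow rule: silently drop anything whose sender domain is the phony one.
# Start with -Mode Audit if you want to see what it would catch first;
# Enforce applies it immediately.
New-TransportRule -Name "BEC: block look-alike domain $phonyDomain" `
    -SenderDomainIs $phonyDomain `
    -DeleteMessage $true `
    -Mode Enforce `
    -Comments "Look-alike of $legitDomain used in a CEO-fraud attempt"

# Confirm the rule exists and is enabled.
Get-TransportRule -Identity "BEC: block look-alike domain $phonyDomain" |
    Format-List Name, State, Mode, SenderDomainIs, DeleteMessage
```

One caveat worth keeping in mind: a rule keyed on one domain stops only that domain. As the next paragraph shows, the scammer will simply register another, so treat the rule as containment and keep the user-awareness side of the defence in place.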
Here are just a few tips to help prevent yourself from becoming a victim of social engineering:
For more technical information on this exact scam, we also recommend reading the following articles: