Tuesday, April 5, 2011

Secure Electronic Payment?

eWeek reports that Conde Nast paid $8 million to an e-mail phishing scam.

A scammer managed to spear phish media giant Conde Nast and walk off with $8 million after he posed as a legitimate business. With the specter of spear phishing looming in the post-Epsilon-and-Silverpop world, the Conde Nast incident is a timely reminder of how easy it is to fall for a scam.

The steps were fairly straightforward. This scammer created a bank account with a name similar to that of another business that Conde Nast worked with frequently. With account details in hand, the scammer sent an email to the publishing company and requested that all future payments be credited to that bank account. Conde Nast signed the “Electronic Payment Authorization” form and faxed it back, essentially giving its bank, JPMorgan Chase, permission to electronically transfer money into that fraudulent account, no questions asked.

Luckily for the company, the U.S. Secret Service intervened and froze the money in the account.

What is scary is that the accounts payroll clerk did not catch the error in the e-mail that clearly shows that the e-mail was fake. The scammer, Andy Surface, "allegedly sent an email to Conde Nast accounts payable in early November with an “Electronic Payment Authorization” form. The form requested that Conde Nast direct payments for Quad Graphics, a printer who publishes Conde Nast magazines, to the Quad Graph account."

The scam was identified when Quad Graphics called Conde Nast to find out why it had not been paid for its printing services.  
Given how easy it was to set up a scam, one has to wonder how many businesses and individuals suffer losses from similar scams.
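
As an added example (not from eWeek or the original post): a check that accounts payable tooling could run on the payee name in a bank-detail change request, flagging names such as "Quad Graph" that resemble a vendor on file without matching it. The vendor list other than Quad Graphics, the 0.8 threshold, the function names and the callback policy are assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed vendor master list; only "Quad Graphics" comes from the article.
VENDOR_MASTER = ["Quad Graphics", "Acme Paper Supply", "Northside Freight"]
SUFFIXES = {"inc", "llc", "ltd", "corp", "co", "company"}

def normalize(name):
    """Lowercase, drop punctuation and corporate suffixes."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in SUFFIXES)

def classify_payee(requested, vendors=VENDOR_MASTER, threshold=0.8):
    """Return (verdict, closest_vendor) for the payee name on a
    bank-detail change request.

    match     -> name equals a vendor on file after normalization
    lookalike -> close to a vendor on file but not equal
    unknown   -> no similar vendor on file
    """
    req = normalize(requested)
    best, best_score = None, 0.0
    for vendor in vendors:
        ven = normalize(vendor)
        if req == ven:
            return ("match", vendor)
        score = SequenceMatcher(None, req, ven).ratio()
        # A truncated or extended name is treated as a near match.
        if req and (ven.startswith(req) or req.startswith(ven)):
            score = max(score, threshold)
        if score > best_score:
            best, best_score = vendor, score
    if best_score >= threshold:
        return ("lookalike", best)
    return ("unknown", None)

def review_change_request(requested):
    """Decide what accounts payable should do with the request (assumed policy)."""
    verdict, vendor = classify_payee(requested)
    if verdict == "lookalike":
        return f"HOLD: '{requested}' resembles vendor '{vendor}' but does not match"
    if verdict == "match":
        return f"CALLBACK: confirm new bank details with '{vendor}' via number on file"
    return f"REJECT: '{requested}' is not a vendor on file"
```

Even an exact name match returns CALLBACK rather than approval, because the name on a form proves nothing about who controls the new account.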
