Cybercriminal tricks client to wire funds to overseas bank account using spoofed email
Dubai: A Dubai firm has lost $53,000 (Dh194,700) after a cybercriminal hacked its email and then used a spoofed email to trick its client into wiring the funds to an overseas bank.
Binu Manaf, CEO-cum-managing director of Cheers Exhibition in Al Quoz 2, said the money was intended to pay for an exhibition stand they had built for the upcoming GITEX event in Dubai.
“This is not a crude phishing attack, but one which involves a high level of sophistication,” said the Indian expat.
Manaf said he didn’t realise their email account had been hacked until one of his clients enquired if he had sent out emails seeking payments into an overseas account instead of a local bank in Dubai.
“That set the alarm bells ringing because we hadn’t sent out any such email,” recalled Manaf. “As it turned out, our email had been hacked. Unknown to us, a cybercriminal had been scouring through all our correspondence containing details of ongoing contracts and outstanding payments,” he said.
“Once the fraudster had familiarised himself with our business operations, he impersonated our company by creating a spoofed email address that looked deceptively similar to our email,” said Manaf, showing email trails where the letter ‘i’ in the company’s actual email firstname.lastname@example.org had been cleverly replaced with the letter ‘l’.
Using the manipulated email@example.com email, the fraudster then contacted several of Cheers’ clients and instructed them to make payments to Nordea Bank headquartered in Finland.
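The lookalike address described above (a single ‘i’ swapped for an ‘l’) is exactly the kind of near-match a finance team can screen for before acting on changed payment instructions. The following is an added example, not code from the article or from Cheers Exhibition: it folds visually confusable characters and measures edit distance against a list of trusted partner domains; the domains and addresses in it are constructed placeholders.

```python
# Added example: flag sender domains that are near-matches of a trusted partner domain.
CONFUSABLES = {"rn": "m", "vv": "w", "l": "i", "1": "i", "|": "i", "0": "o"}

def skeleton(text: str) -> str:
    """Collapse visually confusable characters to one canonical form."""
    s = text.lower()
    # Multi-character sequences first so 'rn' is folded before 'l' is rewritten.
    for src, dst in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        s = s.replace(src, dst)
    return s

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one-character edits such as an inserted hyphen."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(address: str, trusted_domains, max_distance: int = 1) -> dict:
    """Classify the domain of a From/Reply-To address against known partner domains."""
    address = address.strip().lower()
    domain = address.rsplit("@", 1)[-1]
    result = {"sender": address, "domain": domain, "matches": None}
    if domain in trusted_domains:
        return {**result, "verdict": "trusted", "matches": domain}
    for trusted in trusted_domains:
        if skeleton(domain) == skeleton(trusted):
            return {**result, "verdict": "lookalike-confusable", "matches": trusted}
        if edit_distance(domain, trusted) <= max_distance:
            return {**result, "verdict": "lookalike-near-match", "matches": trusted}
    return {**result, "verdict": "unknown"}

TRUSTED = {"cheersexhibition.example"}  # constructed stand-in for the real partner domain
SAMPLE_SENDERS = [  # constructed sample From: addresses
    "accounts@cheersexhibition.example",
    "accounts@cheersexhlbltlon.example",   # 'i' replaced by 'l', as in the article
    "accounts@cheers-exhibition.example",  # one inserted hyphen
    "bob@unrelated.example",
]

if __name__ == "__main__":
    for addr in SAMPLE_SENDERS:
        print(check_sender(addr, TRUSTED)["verdict"], addr)
```

Any address that comes back as a lookalike is a case for the telephone verification the company now plans, before a single bank detail is changed.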
“Since the difference in the emails was not apparent to the naked eye, a Russian client fell for it and unwittingly remitted $53,000 into the overseas account as advised. We had built an exhibition stand for him and were communicating with him for payments,” said the company’s managing partner Akna.
Manaf said the hacker’s ingenuity has left him shocked.
“To make his own emails appear genuine, the hacker spoofed the email addresses of my accountant and managing partner as well, as they were also copied in all our correspondence. He even copied our email signatures and business logos. The invoice was also similarly forged,” said Manaf, who is now contemplating adopting two-factor authentication, including telephone calls, to verify all future financial transactions.
Manaf said had they not been alerted by a Chinese client they would have incurred more losses.
“I have little hope of recovering my money as it’s been remitted to a bank in Europe where the fraudster had opened an account in Cheers Exhibition’s name,” he said.
Email impersonation attacks, which make up 20 per cent of advanced email attacks, can’t be easily detected by spam filters, according to email security and protection firm Agari. “There has been a new wave of account takeover attacks leveraging compromised accounts to commit fraud, which evade traditional email security controls,” said Crane Hassold, Sr. Director of Threat Research, Agari.
How to avoid becoming a victim of email hacking
1. Alert your clients about changes in payment instructions: Let current and new clients know that your banking details will never change.
2. Run your antivirus programme: Run an end-to-end antivirus scan if you suspect your email account has been hacked.
3. Change your passwords: Change your passwords every few weeks. Your new password should be markedly different from your old one. Avoid passwords that are tied to your name, birthday or similar personal statistics. Your password should be unique for each account, and contain a mix of letters, numbers and special characters.
4. Notify people you know: Let your friends, family and anyone else on your email contact list know if your account has been hacked.
5. Change your security questions: Many users choose the same answer to common security questions. Don’t do that.