A businessman nearly lost $6 million to hackers, but one word saved his fortune from falling into accounts of hackers and disappearing forever. The victim was in the final stages of a multi-million dollar property deal when cybercriminals managed to hijack the email address of the other party involved in the deal. They then changed the bank account details to their own. It would be difficult to recover the money if it would have been sent.
Saving his fortune credit goes to a junior banker at National Australia Bank NAB named Stacey. She spotted an error in one word of the email communication and was able to stop the transaction. Stacy noticed that the word “‘group” was misspelled in one of the communication emails; it was written as “gruop” instead. When she saw this error she got alarmed and started the investigation and learned that it was minutes away from disaster.
Thai kings of attack are known as BEC scam business email compromise scams. These scams have grown in the last three years and more due to Covid-19 pandemic.
The victim went to school with the same person from whom he was buying the property and trusted him completely. The other party was his lifelong friend and were absolutely trustable. While talking to his friend over email everything was going well until the day before the settlement, he received another email from his friend saying that he has some problems with his account and he would like to receive the funds in his account in Singapore. The victim didn’t really think twice about it but when he informed his bank that he wanted to transfer money to another bank account in Singapore for purchasing a property in Australia, they started doubting. However, as a precaution, the bank took a careful look at the email trail and it was here that Stacey noticed some red flags. Not only was the word “‘group” misspelled, but she noticed that the other party was using different greetings for each email, such as “hi” and “hello.” She also noticed that the general tone of the emails had changed.
How did she spotted Business Email Compromise Scam
“When the client requested to make this transfer, all seemed pretty normal,” Stacey recalled. “It was pretty uniform with other transfers he had done in the past and went to a regular recipient. But as she was reading through some of the communication emails between the client and the seller, she noticed a few changes along the email communication. She first noticed that the word ‘group’ was misspelled as ‘gruop’ and the tone in some of the greetings was slightly different. She also doubted when an offshore account was included and the payment date had been moved earlier. Then she called the seller/ intended recipient of the funds, he confirmed that he had never changed the account and has no account in Singapore and found out that his emails had been compromised.
“Thank God,” Victim said. “It would be a very traumatic experience to lose that amount of money.
Business email compromise scams are on the rise and are very hard to detect. The actual recipient will contact the sender to tell them where their money is, then it will become apparent that they were scammed. In a word of warning, the cybersecurity expert advises anyone making a large transaction to “double- and triple-check. Because if you hit send and the money goes out of the bank’s control, it can be very difficult to get back from an offshore account. As the victim has authorized the transaction on their own free will, generally speaking, the loss will fall on them. Make sure you call all the parties multiple times and confirm the account details over email and calls verbally via a phone call or video call. In another worrying trend, the people behind it are well-resourced and sophisticated people. They are highly sophisticated criminal groups with extremely good resources. These are the same groups that engage in drug trafficking and human trafficking. Because these scams are all digital, you can scam a huge number of victims at a very low cost.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.