Shark Tank star Barbara Corcoran was hacked; attackers stole $380k with a phishing email

Nowadays anyone can fall victim to an information security incident, regardless of their occupation, social status or income level. According to a recently revealed report, Barbara Corcoran, star of the TV show Shark Tank, was the victim of a phishing scam in which she lost nearly $400k USD, which ended up in the hands of hackers.

Apparently, the attackers used an email with a typo imperceptible to the naked eye, but enough to deceive the staff of the renowned businesswoman.

It all started a few days ago, when Corcoran’s accountant, identified as ‘Christine’, received an email apparently sent by ‘Emily’, the businesswoman’s personal assistant. In the message, the accountant received instructions to make an electronic transfer for $388,700 USD to a firm called FFH Concept GmbH. Although there did not appear to be anything abnormal in the message, the people involved were about to compromise their information security, as the email was not actually sent by Corcoran’s assistant.

“Lesson learned”; the message posted on Corcoran’s Twitter account

In some way that has not been determined, the threat actors got Emily’s email address. Subsequently, the attackers created a new email address very similar to Emily’s, changing only one letter. Although Corcoran’s accountant asked some questions related to the bank transfer, the hackers seemed to be aware of the victim’s business, as they managed to deceive those involved.

It has been reported that Barbara Corcoran does invest in real estate, and there is a German company called FFH dedicated to that industry, so the scam seemed credible.

According to an information security firm, Christine authorized the transaction and subsequently contacted Emily, only this time she wrote to the assistant’s real account, so they became aware of the fraud and also detected the fraudulent email address. The incident was reported to authorities and, while the money has disappeared, authorities and the bank hope to be able to trace the transaction using the IP of the phishing message.

The International Cyber Security Institute (IICS) notes that phishing remains one of the most widely practiced electronic fraud variants, due to the ease of deploying a fraudulent campaign, the low amount of resources required and the degree of effectiveness of an attack.
