Spear Phishing Scam Hits Shark Tank Host Barbara Corcoran Who Almost Lost $388,700 to Hackers in Targeted Scam
Hackers sent a spear phishing email scam that successfully stole $388,700 from Shark Tank host Barbara Corcoran. The cybercrime reported by PageSix, was was designed to impersonate her assistant and requested payment for a real estate related invoice. A German bank helped her recover the money.
This cybercrime could have been prevented with a phone call to verify the request. That’s why cyber security training is important.
The hackers sent a phishing email to her bookkeeper. The email was crafted to impersonate her assistant and sent to her accountant with content and a request that seemed legitimate. The scammer emailed the bookkeeper with directions to pay a n invoice for a German company called FFH Concept GmbH. The invoice was to pay for design work on German apartment units that Corcoran had allegedly invested in. FFH Concept GmbH is a real company.
Phishing emails accounted for 90% of data breaches in 2019.
The theft was discovered when Corcoran’s bookkeeper emailed the assistant using her correct email address for a follow-up. The scammer changed one letter in her email address to trick the bookkeeper. The email address was traced to an IP address in China.
Corcoran was able to recover the money. She contacted her bank which in turn contacted the German bank. That bank was able to stop any money transfers out of the German account that hackers had set up to receive money they scammed.
RELATE READ: 10 Cyber Security Tips for Business Travelers
What Was This Phishing Email Successful?
The spear phishing email used information probably gleaned using a common hacker tactic called social engineering. This means they used publicly available information about their intended target to craft a personalized email with content that made sense to the recipient. In this case of spear phishing, the email was sent from an email address that was very close to a legitimate person that works for Corcoran. It has content that talked about real estate, something she regularly invests in. Anyone who watches Shark Tank knows that Corcoran invests in real estate that information is also posted on the front page of her website http://www.barbaracorcoran.com/
No One Is Immune from a Phishing Scam
Corcoran has an estimated net worth of over $80 million USD and is a public figure, so she is easy an easy target for phishing email. Information about her was gathered to send a tailored phishing email. Her assistants, accountants, other people on her team, or those in business relationships with her may have been fooled.
Hackers go after ordinary people too. Although you may think that skilled hackers focus on large businesses, celebrities, or the very wealthy to steal big payouts of cash. Hackers use romance scams, income tax scams, as well as target seniors. Information from dating profiles, social media accounts, and other public documents like real estate transactions are all used to build up a profile for phishing emails.
How to Guard Against Phishing Emails
Never open an email from someone you don’t know. If you believe you know the sender, then check the email address again to be sure. Know the difference between the email box and the friendly name. If you don’t know it, read our guide to spotting a phishing email. In this incident the recipient thought they knew the sender, but the email address was just one letter different than the legitimate assistant’s email.
If someone sends you an email asking to pay an invoice or wire money for any reason, call them verify the request. This would have avoided the entire incident.
