The Cybercrime Files- Case #104: The Heavy Machinery Hacker
*This is a true account of a local cybercrime. However, the names of the victims and businesses have been changed to protect their identities. To learn more about Cyber Security Services in Akron, OH click here.
OFFENSE: Email Fraud
VICTIM: DDD Construction
LOCATION: Akron, OH
LEAD INVESTIGATOR: Patrick Carroll
NOTES: Email fraud has been around since the earliest days of the internet. Today, it’s hard to go even a single week without receiving some sort of spam or chain letter.
Fortunately, most of us have a pretty good idea of what to look out for—if someone asks you to wire money or for your bank account number in an email; chances are it’s a phishing scam. And if you get an email saying that you’ve won the big sweepstakes…well, as much as we wish it were true, it’s pretty easy to conclude the sender is up to no good.
But what happens when you get an email from a trusted source asking you for money to complete a business transaction that has been in the works for several weeks?
In the case of DDD Construction, you get ready to send the money.
FINDINGS: DDD Construction is a small company based in Akron, Ohio looking to grow their operation. In order to meet customer demands and stay competitive in the market, DDD decided they needed a new piece of heavy equipment.
After weeks of shopping around, DDD found exactly what they were looking for. Phone calls were made, emails were sent, and the price was negotiated to $15,000.
Shortly after the price was agreed upon, DDD received an email from the seller asking DDD Construction to wire the $15,000 over immediately. They claimed to have another buyer interested in the machinery, and needed the money right away or would be forced to sell to the other interested party.
Even though this wasn’t standard practice for the seller the emails seemed legit and were written in the same style/tone as the previous emails.
Minutes before wiring over the money the CFO of the construction company called the seller to verify the transaction. The seller had no idea what he was talking about. The email had been sent from a hacker posing as the seller!
Find out if your company is vulnerable to a Cyber Attack with this Free Network Security Assessment.
CONCLUSIONS: Email scammers are getting more and more creative. In this instance, a cyber criminal hacked into DDD Construction’s email account and monitored all of their incoming and outgoing emails.
After reading the emails sent between the seller and DDD, the hacker posing as the seller, sent DDD Construction an email asking that the money be wired over (to his account- disguised as the seller’s business account) immediately. Because the hacker had been monitoring the emails all along he was able to mimic the seller’s writing style and voice, making it very difficult for DDD to suspect anything was wrong.
This type of scam is becoming more and more common and we’re seeing a lot of this email scam in Akron, OH lately. This isn’t the first instance we’ve come across of a cyber criminal hacking into a business email account and posing as a client or customer.
We have also been seeing similar instances of hackers posing as someone’s family member or friend and asking for financial help.
WHAT YOU CAN DO: If you have any doubts, double check- especially if money is involved. It can be very hard to distinguish between a real email and email fraud if a hacker is using a trusted email account from someone you know.
It only takes a few minutes to pick up the phone and verify that what was said in the email is true. Fortunately for DDD Construction they made the call, and it saved them $15,000!
Read more about ways you can protect your business with our Akron Cyber Security Services.