Man in the Middle Attack made a 1.65 Million US Dollar Profit for Victimizing Three Businesses 2013

Three Seattle-Area Businesses Targeted in 2013

The FBI Seattle Field Office is aware of a fraud victimizing Washington state-based businesses, nicknamed “Man-in-the-e-mail”-Scheme for being an e-mail variation of a known “man-in-the-middle” attack. The FBI wants the public to learn about this scam in order to avoid being victimized.

In 2013, at least three area companies (in Bellevue, Tukwila, and Seattle) were led to believe they were sending money to an established supply partner in China. Fact is, fraudsters intercepted legitimate e-mails between the purchasing and supply companies and then spoofed subsequent e-mails impersonating each company to the other. The fraudulent e-mails directed the purchasing companies to send payments to a new bank account because of a purported audit. The bank accounts belonged to the fraudsters, not the supply companies.

Total loss experienced by the three area companies is roughly 1.65 million USD. In some cases, the metadata on the spoofed e-mails indicated that they actually originated in Nigeria and/or South Africa.

Under this scam, both companies in a legitimate business relationship can be victimized. The supplier may first ship out the legitimately ordered products and then never receive payment (because the purchasing company was scammed into paying the scammer-controlled bank account). Or, the purchasing company may first make a payment and then never receive the ordered goods (because the supply company never receives that payment).

Keine Kommentare:

Kommentar veröffentlichen