New Disruptive E-mail Attack with a  Fraudulent Cover-up

11/17/2017

 

Recently I’ve witnessed, what seems to be a new type of attack. In my case with an existing customer, I received a call about spam messages. This customer was using GoDaddy workspace email. Upon my initial investigation, it would seem like a spammer grabbed hold of the email address and was sending 1000’s of messages an hour. Upon further investigation, I found that the user was being signed up for 1000’s of newsletters using the WordPress engines available on the internet. Shortly then after, the customer received a call from their bank saying someone was trying to withdraw a large sum of money via ACH from their account. The only reason I can think these two are related is, one the email account belongs to the CFO of the company and two the person trying to fraudulently use ACH was trying to cover up the bank notification about the pending ACH transaction.  It seems like an ingenious way to cover their tracks.

As you all probably have seen in the past when you sign into a new device on your google account, you may get a notification that someone has signed in. deploying a tactic such as this may cover over the breach. The unfortunate part about all this is there is nothing you can do. Since the suspected hacker/data breach is using legitimate sites to sign you up, they are not blocked by any spam filters. Now, my customers had to create a new email address. This is a very painful and time-consuming task. Notifying banks, vendors and other services tied to that email account can take an exorbitant amount of time.

After reviewing the security for this client, it was discovered that they were emailing their bank account numbers to a few vendors. My investigative sense says the email account on the receipt end was compromised allow access to routing and account numbers. I cannot stress enough how sensitive your credit card and bank account numbers are. My recommendation to prevent any data breach is to always assume your email and emails to everyone are public. Never email anything you don’t wish the public to see.

 

Justin K. Plaza
914-410-6567

Leave a Reply

Your email address will not be published. Required fields are marked *