MFA (could have) saved the day!

After one of the most sophisticated spoofing and phishing attacks we have ever witnessed, a CFO reached out to us for help. A criminal pretending to be him sent an email to his customer requesting that they pay by ACH rather than the usual method of paying by check.  

The criminal followed up with the customer several times over the next few days after not receiving a response and copied others in the CFO’s accounting department. After the third follow-up email, the customer sent an email to the CFO apologizing for not responding and followed up later, confirming that the wire transfer had been withdrawn from their banking account. The customer then received an email (seemingly) from the CFO thanking them for the payment. 

All of these emails were sent from addresses that appeared to be the appropriate <domain.com> when they were actually sent to an email address created by the criminal. Buried deep in the sent email, the “reply to” address was altered, causing it to route to a very similar <domain.co> domain name the attacker purchased to pull off this heist. Even the format of the email signatures of both parties and their familiar first names were used. The CFO’s customer had paid almost a quarter of a million dollars to the criminal! 

What happened to allow the criminal to get the information necessary to pull off such a scam? They had hacked an email account of one of the CFO’s company’s employees and used it to extract the information they needed from the company’s data.  

MFA or multi-factor authentication could have prevented this. The criminal would have had to not only hack the email password involved but would have had to successfully respond to the request for further information to penetrate the data store involved. 

MFA may be a source of annoyance, but it can save thousands in lost cash and time. If you aren’t using MFA, ask your MSP or IT resource to recommend a solution and implement it.