By Davis Merrey
October 4, 2022

MFA (could have) saved the day!

Multi-factor authentication can stop hackers and spammers before vital information or money is stolen.

After one of the most sophisticated spoofing and phishing attacks we have ever witnessed, a CFO reached out to us for help. A criminal pretending to be him sent an email to his customer requesting that they pay by ACH rather than the usual method of paying by check.  

The criminal followed up with the customer several times over the next few days after not receiving a response and copied others in the CFO’s accounting department. After the third follow-up email, the customer sent an email to the CFO apologizing for not responding and followed up later, confirming that the wire transfer had been withdrawn from their banking account. The customer then received an email (seemingly) from the CFO thanking them for the payment. 

All of these emails were sent from addresses that appeared to be the appropriate <> when they were actually sent to an email address created by the criminal. Buried deep in the sent email, the “reply to” address was altered, causing it to route to a very similar <> domain name the attacker purchased to pull off this heist. Even the format of the email signatures of both parties and their familiar first names were used. The CFO’s customer had paid almost a quarter of a million dollars to the criminal! 

What happened to allow the criminal to get the information necessary to pull off such a scam? They had hacked an email account of one of the CFO’s company’s employees and used it to extract the information they needed from the company’s data.  

MFA or multi-factor authentication could have prevented this. The criminal would have had to not only hack the email password involved but would have had to successfully respond to the request for further information to penetrate the data store involved. 

MFA may be a source of annoyance, but it can save thousands in lost cash and time. If you aren’t using MFA, ask your MSP or IT resource to recommend a solution and implement it.  

Subscribe to Email Updates


Get Edmond Business news in your inbox.

  • This field is for validation purposes and should be left unchanged.

About Davis Merrey

Davis, is Owner/CEO of TeamLogic IT of Oklahoma City, part of an international network of franchisees providing IT support for businesses. He brings many years of experience in a variety of technology related industries, leading teams in providing technical solutions that respond to critical customer needs. The company culture is defined by its Mission Statement: “To help our fellow employees and clients be successful”.

Davis earned a BS in Electrical Engineering from the Virginia Military Institute and an MBA in Management from Golden Gate University in San Francisco. He serves on several business related and non-profit boards of directors.