One of the stars of the hit reality TV show “Shark Tank” lost nearly $400,000 as the result of a successful spear phishing attack.
“For that Reason, I’m Out…of $400K”
The attack occurred in mid-February 2020 when Christine, the bookkeeper for “Shark Tank” star Barbara Corcoran, received an email chain that appeared to originate from Emily, Corcoran’s executive assistant. In the email, “Emily” approved an invoice of $388,700.11 from a company called ffh concept GmbH for payment. The invoice itself indicated that ffh concept GmbH would proceed with payment “next week” if it received payment from Corcoran on time.
Corcoran is one of the five industry titans on ABC’s “Shark Tank.” In the show, entrepreneurs pitch their ideas to Corcoran and the other four “sharks.” Each contestant tries to convince these sharks to invest money into their ideas so that they can turn their idea into a lucrative business.
As reported by TMZ, the email scammers changed one letter in Emily’s actual email address to create a convincing disguise of Corcoran’s executive assistant. They also had a story ready for when Christine began asking questions. Indeed, when Christine asked what the money was for, the scammers responded by saying that ffh concept GmbH was in the process of designing apartment units in which Corcoran had invested. This story did not raise an alarm. Ffh concept GmbH is an actual marketing agency located in Hürth, Germany, after all, and Corcoran has invested in real estate in the past.
Christine ultimately wired the money over to the account specified in the invoice. She then contacted Emily about the payment at her real email address. Upon realizing what had happened, Emily notified Corcoran and her IT team. The latter launched an investigation into the scam and traced the email attack back to an IP address located in China.
Fortunately, Corcoran took the successful attack in stride. As quoted by People:
The scammer disappeared and I’m told that it’s a common practice, and I won’t be getting the money back…. I was upset at first, but then remembered it was only money.
Corcoran also took to Twitter to warn users so to “be careful when you wire money.”
Tracking the Rise in Email-Based Attacks
The email attack above underscores how malicious actors are accustomed to using convincing email addresses and message chains to prey upon high-profile individuals. In some of these attacks, threat actors use spear phishing campaigns from convincing lookalike email addresses to target their prey with fake correspondence from trusted senders. In other cases, they use malware or a convincing email message to seize control of their prey’s email account in what’s known as a business email compromise (BEC) scam. They then abuse that email address to conduct secondary attacks like vendor fraud. In this type of ruse, malicious actors pose as a vendor using the compromised email addresses of their target to trick customers into wiring over money to a bank account under their control as a means of payment for either a legitimate or fake invoice.
Business email compromise scams have caused their fair share of trouble over the past few years. In 2019, for instance, the FBI’s Internet Crime Complaint Center (IC3) received a total of 23,775 business email compromise / business email account (BEC/BEA) complaints. Collectively, these emails cost victims a combined total of $1.7 million in losses, as noted by IC3 in its 2019 Internet Crime Report.
Augmenting Your Organization’s Email Security Defenses
The attack involving Corcoran highlights the need for organizations to defend themselves against email-based attacks. One of the ways they can do this is by investing in a sophisticated email security solution for that’s capable of analyzing incoming email messages for suspicious IP address malicious campaign patterns and other symbols. This solution should conduct this level of analysis in real-time so as to not prevent legitimate correspondence from reaching their intended destination.
Learn how ZixProtect can help your organizations defend against an email attack today.