March 13, 2019
It’s not that uncommon of a story. A contract manufacturer, let’s call them ABC Manufacturing, had been working with a trusted metal supplier, 123 Metals, for more than 20 years. They worked together on numerous deals and had honed their communication style over the years. In fact, it was completely normal to communicate through email on a variety of items, including price negotiations, purchase orders, invoicing and more.
The companies’ employees even got to know one another so well, they would ask about their families, weekend plans and so on.
Because a personal email was a completely typical exchange, Bob at ABC Manufacturing received the following email from John at 123 Metals one Monday morning.
Hi Bob, how was your weekend? Looks like snow is in the forecast again for you guys. Not sure if winter will ever let up.
I’m attaching this month’s invoice for order #592312. You may notice the invoice looks a little different. We are undergoing a software change and for this month only, are asking our customers to wire their payments instead of sending a physical check.
Let me know if you have any questions and I can help you through this process. I’m also working on negotiating a price for part #CO347 and will have that information to you later in the week.
Bob and John had worked together for a long time, so without much of a second thought Bob had the funds wired to 123 Metals. In total, following the supplier’s “wire instructions,” Bob sent a $500,000 payment to his trusted metal supplier and moved on with his day.
A month later, John at 123 metals called Bob as he returned to the office from lunch. He was inquiring why ABC, who was normally so reliable, hadn’t mailed a check for this month’s payment.
With a sinking feeling, Bob realized what had happened. The email and the electronic wire instructions were fake. Hackers had managed to walk away with $500,000, with a slim likelihood the funds would be recovered.
Tips to Help Protect Yourself from Email Spoofing
What happened to Bob is called phishing, and it’s a common tactic for hackers. While some phishing attempts can be easy to spot, many attacks are becoming extremely sophisticated and hard to spot. Here are a few tips to think about before you get spoofed:
Why You Have to Always Be on the Lookout for Potential Scams
The moral of the story isn’t hard to figure out: you and your company must always be on guard for potential hacking scams. Hackers are becoming more sophisticated every day. Their impact is widespread and not based on industry or company size.
Email spoofing can happen to anyone. Now is the time to protect yourself and your company from hackers.
If you are concerned that you may have already been the victim of email spoofing, please contact your local IT team immediately. They can help to identify and limit the impact of any data breach that may have occurred.
If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at email@example.com or (208) 383-4731.