Re: [swinog] E-Mail Hacks

2016-10-07 Thread Steven Glogger
Reminds me of this story:
https://blog.namics.com/2016/09/fake-president-resp-fake-ceo-trick-bei-namics-zahlung-per-mail-angewiesen.html
 


-steven


> On 07.10.2016 at 14:46, Mike Kellenberger wrote:
> 
> Hi all
> 
> I might be slightly off-topic here, because it's not a network issue, but it 
> might be of interest to some of you anyway and maybe you've had customers 
> which were affected as well.
> 
> I don't know if this ploy is new, but after having two customers affected 
> within one week, I suspect it is.
> 
> The customer receives an e-mail with an invoice from his supplier, which he 
> trusts and has worked with in the past. Shortly after this e-mail he receives 
> another e-mail from the same sender and in the exact same layout stating that 
> the company has a new bank account and that this account should be used.
> 
> The second e-mail is forged of course. We haven't been able to find out 
> where the original mail gets captured (most likely on the supplier's client, 
> because in one case, more than one customer of the supplier was affected).
> 
> The fraudulent bank account was in UK in both cases, in one case the amount 
> was around CHF 6K, where the UK authorities did not get active, in the second 
> case it was a 6 digit amount... That case is still ongoing.
> 
> The fraudulent bank account was already closed again in both cases when the 
> customer realized that his transaction had gone to the wrong account (usually 
> after the supplier asked if the money had not been transferred yet).
> 
> 
> Have you had similar cases?
> 
> 
> Regards,
> 
> Mike
> 
> -- 
> Mike Kellenberger | Escapenet GmbH
> www.escapenet.ch
> +41 52 235 0700/04
> Skype mikek70atwork
> 
> 
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog




Re: [swinog] E-Mail Hacks

2016-10-07 Thread Claudio Kuenzler
Hi Mike

A friend of mine unfortunately had a similar case with a Chinese partner
firm.
The e-mail correspondence was intercepted - I suspected a trojan in the
Chinese firm (or simply an employee of that Chinese firm going rogue, who
knows...).

The forged mail was exactly as you describe it: The second e-mail stated
that the bank account information was changed.
However in this case the forged mail clearly came from another e-mail, but
it looked very close to the one from the Chinese partner. Unfortunately my
friend didn't see it.
He asked me to help investigate this as his e-mail account runs on a server
I manage and from the mail logs I could show him that the forged mail came
from another sender.

Take a look at the mail headers and mail logs of the recipient server (if
you can) to verify where the fraud mail came from. Compare the sending
servers, the e-mail address itself can be easily changed as you may know.

I am at this moment not aware of the current status of that case but I know
police investigation (and also investigations on my friend's Swiss bank)
were ongoing.


cheers,
Claudio

On Fri, Oct 7, 2016 at 2:46 PM, Mike Kellenberger <
mike.kellenber...@escapenet.ch> wrote:

> Hi all
>
> I might be slightly off-topic here, because it's not a network issue, but
> it might be of interest to some of you anyway and maybe you've had
> customers which were affected as well.
>
> I don't know if this ploy is new, but after having two customers affected
> within one week, I suspect it is.
>
> The customer receives an e-mail with an invoice from his supplier, which
> he trusts and has worked with in the past. Shortly after this e-mail he
> receives another e-mail from the same sender and in the exact same layout
> stating that the company has a new bank account and that this account
> should be used.
>
> The second e-mail is forged of course. We haven't been able to find out
> where the original mail gets captured (most likely on the supplier's client,
> because in one case, more than one customer of the supplier was affected).
>
> The fraudulent bank account was in UK in both cases, in one case the
> amount was around CHF 6K, where the UK authorities did not get active, in
> the second case it was a 6 digit amount... That case is still ongoing.
>
> The fraudulent bank account was already closed again in both cases when
> the customer realized that his transaction had gone to the wrong account
> (usually after the supplier asked if the money had not been transferred
> yet).
>
>
> Have you had similar cases?
>
>
> Regards,
>
> Mike
>
> --
> Mike Kellenberger | Escapenet GmbH
> www.escapenet.ch
> +41 52 235 0700/04
> Skype mikek70atwork
>
>
>
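
The comparison of sending servers suggested in the reply above, as an added example that is not part of the original thread: it compares a known-good mail from the supplier with the suspect follow-up, using only the topmost Received header (the one written by the recipient's own server). All host names, addresses, IPs and the 0.8 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; all names and IPs are made up (documentation ranges).
GENUINE = """\
Received: from mail.supplier.example (mail.supplier.example [192.0.2.10])
\tby mx.customer.example with ESMTPS; Fri, 7 Oct 2016 09:12:01 +0200
Return-Path: <billing@supplier.example>
From: Supplier Billing <billing@supplier.example>
"""
FORGED = """\
Received: from host77.bulkmail.example (host77.bulkmail.example [198.51.100.77])
\tby mx.customer.example with ESMTP; Fri, 7 Oct 2016 10:03:44 +0200
Return-Path: <billing@suppl1er.example>
From: Supplier Billing <billing@suppl1er.example>
"""

def _domain(msg, header):
    # Domain part of the address in the given header, lower-cased.
    return parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()

def origin(raw):
    """What the recipient's server recorded, plus the claimed sender domains."""
    msg = message_from_string(raw)
    # Topmost Received header = added by our own MX, the only hop we can trust;
    # every header below it is supplied by the sending side.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    m = re.search(r"from (\S+) \((\S+) \[([0-9a-fA-F.:]+)\]\)", top)
    helo, rdns, ip = m.groups() if m else (None, None, None)
    return {"helo": helo, "rdns": rdns, "ip": ip, "from_domain": _domain(msg, "From"),
            "envelope_domain": _domain(msg, "Return-Path")}

def compare(known_good, suspect):
    """Differences between a known-good mail and a suspect one from the 'same' sender."""
    a, b = origin(known_good), origin(suspect)
    findings = []
    if (a["ip"], a["rdns"]) != (b["ip"], b["rdns"]):
        findings.append(f"sending server differs: {a['rdns']} [{a['ip']}] vs {b['rdns']} [{b['ip']}]")
    if a["from_domain"] != b["from_domain"]:
        ratio = SequenceMatcher(None, a["from_domain"], b["from_domain"]).ratio()
        kind = "lookalike" if ratio >= 0.8 else "different"
        findings.append(f"{kind} From domain: {b['from_domain']} (expected {a['from_domain']})")
    if b["from_domain"] != b["envelope_domain"]:
        findings.append(f"From/envelope mismatch: {b['from_domain']} vs {b['envelope_domain']}")
    return findings

if __name__ == "__main__":
    print("\n".join(compare(GENUINE, FORGED)))
```

A supplier that sends through several outbound servers will legitimately show different IPs, so a server difference is a reason to check the recipient server's mail log, not proof of forgery on its own.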
