Scammers fleeced a Chinese venture capital firm out of a $1 million payment meant for a startup by using malicious emails to steal the cash, according to new findings from Check Point Technologies.
As part of the scheme, thieves posed as employees from an Israeli company hoping to raise seed funding from Chinese venture capitalists. By using email addresses that appeared remarkably similar to the actual startup, thieves posed as real Israeli employees in communications with an account manager at the Chinese investment firm. It was only after the $1 million payment went through when the actual startup realized it hadn’t received its payment, and the Chinese VC firm began to understand it’s money was gone.
Unlike a traditional business email compromise, when hackers infiltrate a high-level corporate email account and monitor messages before making a cash grab, the attackers in this case registered separate fraudulent domains that appeared to belong to both the startup and VC (they added a single “s” to each company name on the new domains). It’s a tactic that allowed them to carry out the “ultimate” man-in-the-middle attack, the company wrote.
“Every email sent by each side was in reality sent to the attacker, who then reviewed the email, decided if any content needed to be edited, and then forwarded the email from the relevant lookalike domain to its original destination,” Matan Ben David, an incident response analyst, wrote in Check Point’s blog.
“Throughout the entire course of this attack, the attacker sent 18 emails to the Chinese side and 14 to the Israeli side. Patience, attention to detail and good reconnaissance on the part of the attacker made this attack a success.”
For organized crime groups operating online, business email compromise is the fraud technique that seems to be worth the investment. Digital grifters made off with $301 million per month in 2018 via BEC scams, the FBI reported in July, and it only takes one haul for all the effort to be worth it. The $1 million stolen in this attack likely will fund other crime sprees, while other victims, like the Japanse conglomerate Nikkei, recently have reported losses as high as $29 million from similar activity.