Even Tech Savvy Organizations can Fall for Phishing Schemes

Zarathustra[H]

The Department of Justice yesterday unsealed an indictment against a Lithuanian man who successfully swindled $100 million out of two American tech companies. (Here, have The Verge link too, because reading bureaucrat can be tiring.) The 48-year-old Latvian man reportedly opened a business in eastern Europe with the same name as a major PC hardware vendor in China, and then proceeded to, through deceptive emails, convince two major multinational U.S. tech firms to make payments to his account totaling $100 million. Why he didn't immediately buy bearer bonds and take off for a non-extradition treaty country is beyond me. I guess he wasn't a mastermind after all.

What stands out to me is that I often hear people express sentiments ridiculing scam victims, and stating how this wouldn't happen to them, they are either too smart or too experienced to fall for these tricks, or to click on bad links in emails, or open attachments etc. etc. and because of this they don't need to take standard precautions like always running their machine in a limited user account, keeping UAC enabled, running AV, etc.

If this story illustrates anything, to me it seems that it is that anyone can fall for these things. Maybe not in their most alert and vigilant state, but all it takes is being in a rush one day, or being tired after a night of poor sleep or just having an off moment and making a mistake, one that you should know better than to make. I feel the take-away should be, if sophisticated major tech companies can fall for a phishing scheme, so can you, so buckle up, and take every layer of security, no matter who you are.

What’s more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money.

Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time if convicted — each charge of wire fraud and laundering carries a max sentence of 20 years.
 
A couple of years ago our finance controller almost wired out a large sum of money as well. They had created a domain and replaced the first character, an i, with an l, such that you would never notice. Luckily our finance controller caught it literally one click away when he called the CEO and confirmed with her that she didn't authorize any money transfers to said company.
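
An added example, not part of the post above: one way a mail gateway or finance workflow could flag the kind of domain described there, where an "i" is swapped for an "l". The trusted domains, the confusable-glyph table and the function names are assumptions made for illustration.

```python
# Added example: flag sender domains that imitate a trusted one.
# All domains are constructed samples using the reserved .example TLD.
TRUSTED = ("initech.example", "acme-parts.example")

# Glyphs that look alike in common mail-client fonts, folded to one form.
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("l", "i"), ("1", "i"), ("0", "o"))


def skeleton(domain):
    """Fold look-alike glyphs so visually similar domains compare equal."""
    d = domain.strip().lower().rstrip(".")
    for src, dst in CONFUSABLE:
        d = d.replace(src, dst)
    return d


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Same length: skip the differing char in both; otherwise skip one in b.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def classify(sender):
    """Return (verdict, trusted_domain_or_None) for an address or domain."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in TRUSTED:
        return ("trusted", domain)
    for t in TRUSTED:
        if skeleton(domain) == skeleton(t):
            return ("homoglyph-lookalike", t)
    for t in TRUSTED:
        if within_one_edit(domain, t):
            return ("one-edit-lookalike", t)
    return ("unknown", None)


if __name__ == "__main__":
    for s in ("ceo@initech.example", "ceo@lnitech.example",
              "ap@acrne-parts.example", "ceo@initechs.example",
              "news@unrelated.example"):
        print(s, "->", classify(s))
```

A lookalike verdict is a reason to hold the message and confirm by phone, as the finance controller in the post did, not proof of fraud on its own.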
 
It is scary how good these folks are getting. Working for a large company we get sophisticated phishing emails all the time. We had to reeducate traveling staff to be very careful about the information they share in their travels to bartenders, Uber/taxi/livery drivers, hotel staff, etc. The more sophisticated operations target attacks from or to emails of staff out of the office for wire transfers and such. We've had a couple near misses on some of the better crafted emails. We were able to get insurance policy endorsements to cover us in the event of a successful wire fraud email.
 
What stands out to me is that I often hear people express sentiments ridiculing scam victims, and stating how this wouldn't happen to them, they are either too smart or too experienced to fall for these tricks, or to click on bad links in emails, or open attachments etc. etc. and because of this they don't need to take standard precautions like always running their machine in a limited user account, keeping UAC enabled, running AV, etc.

If this story illustrates anything, to me it seems that it is that anyone can fall for these things.

It's not really surprising. A year or so ago, the BBB came out with a study that said millennials (34%) are the biggest group to be scammed, and not the elderly (11%), as is the common myth. Also, the higher your level of education, the more likely you are to fall for scams.

http://www.bbb.org/columbia/news-ev...ials-more-likely-to-get-scammed-than-boomers/
https://www.forbes.com/sites/nextav...to-be-scam-victims-than-boomers/#7eb1719e685c

Greed makes us all dumber, and hubris of our intelligence blinds us from our own faults.
 
It's not really surprising. A year or so ago, the BBB came out with a study that said millennials (34%) are the biggest group to be scammed, and not the elderly (11%), as is the common myth. Also, the higher your level of education, the more likely you are to fall for scams.

http://www.bbb.org/columbia/news-ev...ials-more-likely-to-get-scammed-than-boomers/
https://www.forbes.com/sites/nextav...to-be-scam-victims-than-boomers/#7eb1719e685c

Greed makes us all dumber, and hubris of our intelligence blinds us from our own faults.


That is surprising. I had not seen that one.

The expectation is that the less tech savvy are more likely to fall for these things, but this suggests that something completely different is at play.
 
That is surprising. I had not seen that one.

The expectation is that the less tech savvy are more likely to fall for these things, but this suggests that something completely different is at play.

Honestly, it doesn't surprise me at all. The youngins commonly have no knowledge of how their doodads and social networks - work. Their devices are an integral part of their day-to-day life but they don't understand them like nerds would and do. They're tech saturated, not tech savvy.

In effect, they're really no different from any other generation in that regard, nerds like us - whatever generation - understand our technology. Most people in any generation don't understand it, the big difference is how dependent generations are on these devices. Imagine all of your family generations had smart phones, PCs, and consoles at home. Even grandma and grandpa. What free-tech-support hell would you, as the family geek, be living in? Now imagine they all know the basic functions but don't understand the security...
 
It's not really surprising. A year or so ago, the BBB came out with a study that said millennials (34%) are the biggest group to be scammed, and not the elderly (11%), as is the common myth. Also, the higher your level of education, the more likely you are to fall for scams.

Just because you have a high level of education, it doesn't mean that you are more tech savvy or even smarter than someone who isn't as educated.
I've met many people with fancy degrees that were clueless about much of real life.

As for millennials, they are young and just don't have the real world experience necessary to develop a healthy level of cynicism about everything.
 
I can't help but think of Kyle's other thread that they should have turned on their anti-scam devices... :p

On a serious note, the level of sophistication of scam artists knows no bounds. The wife almost clicked on a link from a text message on her phone indicating her bank account information was compromised. My retort to that was, since when did banks use text messages to contact you? As far as I know, they freeze your accounts first, and you either discover you can use your card on anything, or you find an odd voicemail saying please go into the nearest branch to discuss your account problems.
 
I can't help but think of Kyle's other thread that they should have turned on their anti-scam devices... :p

On a serious note, the level of sophistication of scam artists knows no bounds. The wife almost clicked on a link from a text message on her phone indicating her bank account information was compromised. My retort to that was, since when did banks use text messages to contact you? As far as I know, they freeze your accounts first, and you either discover you can use your card on anything, or you find an odd voicemail saying please go into the nearest branch to discuss your account problems.


I caught myself almost entering my PayPal login information in a website linked by a text message.

To my defense the text came in early in the morning, and I was hung over as all hell, and not thinking straight.

The thing is, I know MUCH MUCH better than that, but I almost did it in an off moment. Makes me think it can happen to anyone.
 
That is surprising. I had not seen that one.

The expectation is that the less tech savvy are more likely to fall for these things, but this suggests that something completely different is at play.

I believe this. The lawyers at my firm that are highly educated get targeted the most by these email scammers.
 
It's not really surprising. A year or so ago, the BBB came out with a study that said millennials (34%) are the biggest group to be scammed, and not the elderly (11%), as is the common myth. Also, the higher your level of education, the more likely you are to fall for scams.

http://www.bbb.org/columbia/news-ev...ials-more-likely-to-get-scammed-than-boomers/
https://www.forbes.com/sites/nextav...to-be-scam-victims-than-boomers/#7eb1719e685c

Greed makes us all dumber, and hubris of our intelligence blinds us from our own faults.

I was watching my teenage brother playing on his phone and it occurred to me, he has no idea how it works, not the signalling nor the OS or any of the hardware. Not even a vague concept. I think there's a kind of leg up for people between GenX and some boomers because we were using most technology in use today as it evolved and have a better understanding of how it works and the pitfalls. To most kids today it's all magic boxes.
 
I was watching my teenage brother playing on his phone and it occurred to me, he has no idea how it works, not the signalling nor the OS or any of the hardware. Not even a vague concept. I think there's a kind of leg up for people between GenX and some boomers because we were using most technology in use today as it evolved and have a better understanding of how it works and the pitfalls. To most kids today it's all magic boxes.


My stepson has no idea what the difference between "the wifi" and "the internet" is. I tried to explain how it worked to him, but I don't think it sunk in.

Granted, he is only 9 years old, so there is still hope...
 
I think I was 13 when I had an epiphany. Everybody lies and the world really is out to get you. Never click on anything you didn't ask for and if ever asked an odd question the answer is "It's not my department.".
 