It Only Takes One – One Extra Letter Can be the Difference Between a Legitimate Email and Losing $1 Million

The importance of scrutinizing financial-related and highly sensitive information via email cannot be overstated. In typical business email spoofing style, a scammer, as part of a multinational fraud ring, was able to defraud the CEO of an unidentified Swiss company during a real-estate transaction – an all too common trend. After two presumably legitimate communications with his attorney, the CEO received a third email with new wiring instructions for the remaining balance. The third email included the expected stuff – standard confidentiality notice, legal disclaimers, information about specific regulations on the purchase of property by a foreign company, and professional signature block with the attorney’s name and contact information. Unfortunately, the CEO did not notice the extra letter “s” hiding in the phony lawyer’s email address, and it almost cost him nearly $1 million. While this transaction was personal in nature, this scenario is a widespread trend across organizations of all types. It only takes one letter; it only takes one person – to fall for an email phishing scam that ends up costing a company thousands of dollars. Heightened awareness and a procedure for checks and balances should be required for every financial-related email. Read the post at Quartz