A promising Israeli startup was about to celebrate closing an investment round with a prominent VC firm. A China-based attacker had different plans for that money. The attacker stole the $1 million investment via a well-crafted man-in-the-middle attack.
"Chinese hackers managed to hijack $1 million in seed money during a wire transfer between a Chinese venture capital firm and an Israeli startup—without either side realizing anything was wrong."
The attacker created look-alike domains for both the startup and the VC firm. Next, the hackers put the attack in motion, exchanging dozens of emails with the company executives from the phony domain.
"At one point, the VC account manager and startup CEO scheduled a meeting in Shanghai, putting the hijack at risk."
Even this face-to-face meeting was foiled by this crafty attacker. The criminal emailed both firms with different excuses to cancel the meeting.
After all this work, the hacker walked away with a cool million and little chance of being caught.
How could this have been prevented?
- Always check domains of your incoming and outgoing mail.
- When in doubt, pick up the phone and call your counterpart.
- Always verbally confirm wire instructions with a known, trusted contact at a known phone number.
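One way to automate the first check is to compare each sender or recipient domain against the counterpart domains you already trust and flag near-matches. This is an added example, not taken from the article; the trusted domains, function names and distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list of known counterpart domains (assumption for this example).
TRUSTED = {"startup-example.com", "vc-example.com"}

# Fold common visual substitutions so "examp1e" and "example" compare equal.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def skeleton(domain):
    """Reduce a domain to a canonical form that ignores common look-alike tricks."""
    folded = domain.lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(address, trusted=TRUSTED, max_distance=2):
    """Return (verdict, imitated_domain) for the domain of a From/To address."""
    _, at, domain = parseaddr(address)[1].rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("invalid", None)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        # Close to a trusted domain without being identical: treat as a look-alike.
        if edit_distance(skeleton(domain), skeleton(good)) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("CEO <ceo@startup-example.com>", "ceo@startup-examp1e.com",
                 "partner@vc-exarnple.com", "news@unrelated-example.org"):
        print(addr, "->", classify(addr))
```

A "lookalike" verdict is a prompt to call the counterpart at a known number before acting, not proof of fraud; very short trusted domains will produce more false positives at this threshold.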