Criminals who scammed Microsoft out of R4 million nailed

Jamie McKane

MyBroadband Journalist
Joined
Mar 2, 2016
Messages
7,000

The Hawks and United States law enforcement have arrested three men suspected of scamming Microsoft through business email compromise (BEC) fraud.

In a statement issued on Thursday, they said that the suspects allegedly created a fraudulent business email to buy 200 laptops worth approximately R4 million from Microsoft in the US, to be delivered to Pretoria.

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,906
Ok. Mr. Obvious here...

How can you release/approve an order that large without payment?

Can you just order by having an email address?

Then I'd like to order some Gal Gadot on WW84 via email please.
 

Scampup

Well-Known Member
Joined
Dec 6, 2013
Messages
160
> Ok. Mr. Obvious here...
>
> How can you release/approve an order that large without payment?
>
> Can you just order by having an email address?
>
> Then I'd like to order some Gal Gadot on WW84 via email please.

BEC: Business Email Compromise.

It's worthwhile reading up on it. It's the single biggest cyber threat, responsible for bigger financial losses than all those other "sexy" threats researchers love, like ransomware etc.


 

Scampup

Well-Known Member
Joined
Dec 6, 2013
Messages
160
Consider hidrotec[.]co[.]za, spoofing hidrotech[.]co[.]za, engaging with parties up in Africa. It's also using the legit Hydro Tech's tax and company number. To the casual observer, the websites* don't even look similar, yet it's all in the actual emails sent.

* The website is stolen from frasar[.]co[.]uk
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,906
> BEC: Business Email Compromise.
>
> It's worthwhile reading up on it. It's the single biggest cyber threat, responsible for bigger financial losses than all those other "sexy" threats researchers love, like ransomware etc.


That sounds like terminology for email spoofing and social engineering.
People just making acronyms to seem clever.
 

Scampup

Well-Known Member
Joined
Dec 6, 2013
Messages
160
> That sounds like terminology for email spoofing and social engineering.
> People just making acronyms to seem clever.

No. It describes a method.

Consider this:
"Is it possible for an invoice to change itself in the email?"

What happened here, is a company did a move for another, a substantial invoice. It was a new client. In the meantime, somebody had gotten onto the client's servers. The movers sent the invoice the Friday afternoon. The client promptly paid it. Nothing appeared in the mover's bank the Monday. A phone call found the bank account was somehow wrong. The person at the movers was not in the office, but had a copy of the invoice in mail on her phone. She checked it, it was correct. She sent it again and phoned the client. The new invoice had the wrong account again. That's when she "phoned a friend", asking.

Luckily the Friday payment could be stopped, reversed.

The BECers had set up email rules on the client's servers, forward & delete. They would then adjust the bank account and leave the altered email in the relevant email box. It was later found they'd been on the server for a while, waiting for an opportunity.

Of course it can also play out in many other ways. Phishing may lead to the initial compromise, or a weak password, or malware, or a look-alike domain. Many of these attack vectors use methods that businesses rely on. Zero days are common. That innocent RFQ may have a payload. How easy is it with those long domain names? DKIM, SPF, DMARC - all check. Most registrars don't care about domain registration details. "fdggfgfdg" qualifies as accurate registration details at registrars like EPAG/Tucows/1Api and others.

Quite frankly, it's a mess.

It would be great if some of the local hosters could comment here.
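The forward-and-delete mailbox rule and the look-alike domain described above are both things a mail admin can audit for. The following is an added detection example, not part of the original post; the organisation domain, the known-vendor list and the rule records are all constructed, in a simplified shape rather than any vendor's real export format.

```python
"""Audit mailbox inbox rules for BEC-style tampering: external forwarding,
silent deletion, and forwarding targets that are look-alikes of known domains."""

ORG_DOMAIN = "example.co.za"                          # assumed organisation domain
KNOWN_DOMAINS = {"hidrotech.co.za", "example.co.za"}  # constructed vendor/org list
MONEY_WORDS = ("invoice", "payment", "bank", "account", "statement")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typo-squatted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain: str) -> str:
    """Return the known domain this one resembles (within 2 edits), else ''."""
    for known in KNOWN_DOMAINS:
        if domain != known and edit_distance(domain, known) <= 2:
            return known
    return ""

def audit_rule(rule: dict) -> list:
    """Return findings for one mailbox rule; an empty list means it looks benign."""
    findings = []
    for addr in rule.get("forward_to", []):
        dom = addr.rsplit("@", 1)[-1].lower()
        if dom != ORG_DOMAIN:                       # mail leaving the organisation
            findings.append(f"forwards externally to {dom}")
            known = lookalike_of(dom)
            if known:
                findings.append(f"{dom} is a look-alike of {known}")
    if rule.get("delete_message"):                  # the victim never sees the mail
        findings.append("deletes the message after processing")
    subject = " ".join(rule.get("subject_contains", [])).lower()
    if findings and any(w in subject for w in MONEY_WORDS):
        findings.append("targets financial correspondence")
    return findings

# Constructed sample: one benign rule and one typical BEC persistence rule.
SAMPLE_RULES = [
    {"name": "Newsletters", "subject_contains": ["newsletter"],
     "forward_to": [], "delete_message": False},
    {"name": ".", "subject_contains": ["invoice", "payment"],
     "forward_to": ["acc@hidrotec.co.za"], "delete_message": True},
]

def audit_all(rules=SAMPLE_RULES) -> dict:
    """Map rule name -> findings for every rule that raised at least one."""
    return {r["name"]: audit_rule(r) for r in rules if audit_rule(r)}

if __name__ == "__main__":
    for name, found in audit_all().items():
        print(f"rule {name!r}: " + "; ".join(found))
```

Rules named with a single character or a dot, like the second sample, are worth a second look on their own, since that is a common way to keep them inconspicuous in a mail client's rule list.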
 

airborne

Honorary Master
Joined
Jul 13, 2007
Messages
18,147
How did the BEC in this case convince MS the laptops had been paid for or did they scam another company into paying for the laptops on their behalf?

I've seen a few nasty BEC scams in the news locally where conveyances get hit and they manipulate the emails to change the account where the bond deposit or similar is paid into, all the money gone.
 

maumau

Honorary Master
Joined
Aug 13, 2009
Messages
20,282
Company I work for got caught for hundreds of thousands when buying equipment from a Japanese company with a looooong email address.

Don't remember how it was done.
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,906
> No. It describes a method.
>
> Consider this:
> "Is it possible for an invoice to change itself in the email?"
>
> What happened here, is a company did a move for another, a substantial invoice. It was a new client. In the meantime, somebody had gotten onto the client's servers. The movers sent the invoice the Friday afternoon. The client promptly paid it. Nothing appeared in the mover's bank the Monday. A phone call found the bank account was somehow wrong. The person at the movers was not in the office, but had a copy of the invoice in mail on her phone. She checked it, it was correct. She sent it again and phoned the client. The new invoice had the wrong account again. That's when she "phoned a friend", asking.
>
> Luckily the Friday payment could be stopped, reversed.
>
> The BECers had set up email rules on the client's servers, forward & delete. They would then adjust the bank account and leave the altered email in the relevant email box. It was later found they'd been on the server for a while, waiting for an opportunity.
>
> Of course it can also play out in many other ways. Phishing may lead to the initial compromise, or a weak password, or malware, or a look-alike domain. Many of these attack vectors use methods that businesses rely on. Zero days are common. That innocent RFQ may have a payload. How easy is it with those long domain names? DKIM, SPF, DMARC - all check. Most registrars don't care about domain registration details. "fdggfgfdg" qualifies as accurate registration details at registrars like EPAG/Tucows/1Api and others.
>
> Quite frankly, it's a mess.
>
> It would be great if some of the local hosters could comment here.

That's a probability and not a fact.
Do you really expect me to believe that Microsoft's own Servers were hacked?

Do you realise that everything you said does in fact boil down to social engineering? Without it no scam could take place.

I'm not disregarding that there are other methods of scamming out there.
I'm saying in this scenario, we don't know the facts.
As usual, you have an issue and need a tissue.
 

airborne

Honorary Master
Joined
Jul 13, 2007
Messages
18,147
> That's a probability and not a fact.
> Do you really expect me to believe that Microsoft's own Servers were hacked?
>
> Do you realise that everything you said does in fact boil down to social engineering? Without it no scam could take place.
>
> I'm not disregarding that there are other methods of scamming out there.
> I'm saying in this scenario, we don't know the facts.
>
> As usual, you have an issue and need a tissue.

No.
 

Scampup

Well-Known Member
Joined
Dec 6, 2013
Messages
160
> That's a probability and not a fact.
> Do you really expect me to believe that Microsoft's own Servers were hacked?
>
> Do you realise that everything you said does in fact boil down to social engineering? Without it no scam could take place.
>
> I'm not disregarding that there are other methods of scamming out there.
> I'm saying in this scenario, we don't know the facts.
>
> As usual, you have an issue and need a tissue.

Nobody said Microsoft was hacked.

In this scenario, the facts are known by the relevant parties.
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,906
> Nobody said Microsoft was hacked.
>
> In this scenario, the facts are known by the relevant parties.

Of course it's known by the relevant parties. Which is my point exactly.
I'm not having a good week and I might very well not be able to process what you are saying.
So my apologies if I'm misunderstanding.

Enjoy your weekend,
 