Conde Nast scammed out of $8 million with single spear phishing email
Conde Nast – the company that publishes popular magazines such as Vogue, GQ, Architectural Digest, Wired, Vanity Fair, and many others – has been nearly defrauded of almost $8 millions with a single, well-crafted spear phishing email.
According to the court document, Conde’ Nast’s accounting department received an “Electronic Payment Authorizations” form by email in early November, and the email was seemingly coming from Quad/Graphics, Inc., the company that prints Conde’ Nast’s magazines.
“The form requested that Conde’ Nast direct payments for Quad Graphics to the Quad Graph Account, and provided account information,” is explained in the document. “Conde’ Nast filled out the form and returned it by facsimile from its offices in the Southern District of New York to the facsimile number provided in the form.”
From that moment on, the Quad/Graphics bills were paid by ACH transfer from Conde’ Nast’s account with JPMorgan Chase Bank to the Quad Graph account. And there lays the problem.
The company by the name of Quad Graph had absolutely nothing to do with the Quad/Graphics firm. In fact, the account Conde’ Nast was sending the money to an account opened by a 57-year old who claimed to be the sole owner of the registered Quad Graph business and who was the sole signatory for the account.
The attempted wire fraud was discovered by Conde’ Nast when Quad/Graphics contacted it and asked why it had not received payments from the publisher since the middle of November. When Quad/Graphics confirmed they had not changed its banking information, Conde’ Nast investigated the matter and discovered the problem.
The publisher immediately notified the FBI and the Secret Service, and procured a federal seizure warrant to have the money in question sent to the Quad Graph account and a private account belonging to Surface (to which he transferred some of the money) frozen until a forfeiture lawsuit is filed.
According to Wired, the perpetrator has not been charged yet, but this case only goes to show how sometimes it doesn’t take much effort by scammers to fool their targets and steal huge sums.