This common email phishing scam just caught a Shark.
“Shark Tank” star and real estate mogul Barbara Corcoran revealed Wednesday that she lost almost $400,000 after scammers tricked her bookkeeper by sending a bill that appeared to come from her assistant.
“This morning I wired $388,000 into a false bank account in Asia.”
So how did such a savvy businesswoman and entrepreneur get duped? The same way that the many companies who have lost $26 billion through email wire fraud since 2016 have, according to the FBI: a criminal was able to impersonate a trusted business partner.
Corcoran’s team did not immediately respond to a MarketWatch request for comment, but the millionaire investor explained what happened to ABC News. Last week, Corcoran’s bookkeeper Christina received what appeared to be a routine invoice from Corcoran’s assistant Emily to approve a $388,700.11 payment to a German company called FFH Concept.
The bookkeeper replied asking, “What is this? Need to know what account to pay out of,” and the cybercriminal posing as Emily was able to give a credible, detailed response that FFH was designing German apartment units that Corcoran had invested in. Corcoran does invest in real estate, and FFH is a real company in Germany.
“Someone sends you a bill. It’s paid,” Corcoran told ABC News. “In this one instance, it was not a good strategy.”
Because as it turned out, Emily never sent the invoice; the phony bill came from an email that closely resembled hers, but it was missing an “O.” Corcoran’s team didn’t realize something was off about the “from” email until after the money was transferred.
Corcoran does not blame her bookkeeper for getting conned by the sophisticated scam. “When she showed me the emails that went back and forth with the false address, I realized immediately it’s something I would have fallen for if I had seen the emails,” Corcoran said.
Indeed, her “Shark Tank” costar Robert Herjavec, who made his millions founding and running his Herjavec Group cybersecurity firm, told ABC News that this is “very, very common.”
“Eighty-five percent of all cybercrime across the world comes through email, which is what happened to Barbara,” he said. “It’s been happening to businesses for two, three years now. It’s now happening to individuals.”
His tips for not falling prey to the same ruse include always verifying that an email is coming from someone you trust, even going as far as to have that person call you to confirm the details.
“Number two, check your bank statements every single day, because if you catch it within 48 hours, the bank can get it back for you,” he said.
Unfortunately in Corcoran’s case, that $388,700.11 is long gone. But her team has traced the original emails to a Chinese IP address, and her legal team is working out its next steps.
Here are some more tips to avoid increasingly sophisticated phishing scammers, such as email wire fraud, online dating traps and social media shopping scams.