Independent Educational Consulting Firm Hacked
Recently, Domain Consulting Group received a call from an independent educational consulting firm that was not a client at the time. The call concerned the firm’s website, which had been hacked. As a result of the hack, their domain name was being flagged as spam by internet users, including their own clients. Because their name was now identified as a source of spam, their reputation with existing clients was damaged.
Their website, hosted by a third party and using WordPress as the content management system (CMS), had indeed been hacked and was being used to send out a great deal of phishing email, including messages impersonating several different banks.
In response to the call from the educational consulting firm, Domain used its knowledge and experience to clean up the site and domain name. We moved their services (web and email) to more reputable servers and providers, locked down access to WordPress, and continued monitoring their site to ensure there were no more surprises.
Construction Firm Conned by Social Engineering
One evening, as Domain was ready to close its doors for the day, a construction firm (an existing client) called to explain an event that seemed unusual to the CEO and Controller.
The event began when the controller received an email from the CEO asking her to prepare a wire transfer for $18,700. Instead of a company, the payee named in the email was an individual with a bank and home address in TX. Included in the request were the account number and routing number.
The controller asked the CEO which bank account to use for the transfer. The controller didn’t think twice when the CEO responded by telling her to use an alternative bank, name, account number and address. The controller did not pick up on this red flag and continued to prepare the transfer.
While preparing the wire transfer on the bank’s online portal, the controller emailed the CEO to let her know that the transaction was ready for approval. The CEO responded that she was too busy to approve the transfer and that the controller should seek approval from someone else in the organization. Once again, the controller did not pick up on this red flag.
After discovering that there was nobody else available to approve the transfer, the controller asked the CEO for her credentials so that she could go online and approve the transfer herself.
The controller eventually began to email the actual CEO of the firm, who confirmed that she had never requested such a transaction. Once it was apparent that there was something wrong, the controller and the CEO of the firm got on the phone to discuss this strange series of email transactions. They then contacted the onsite IT administrator who contacted Domain immediately.
As soon as Domain was contacted, we started to do some research and discovered that a separate domain name had been set up using a free-for-one-month service through VistaPrint. The domain name looked so similar to the firm’s true domain name that the controller never even noticed – it was off by a single letter.
In this instance, the hack and attempted fraud required two elements – a hacker with the expertise to establish a bogus domain, and social engineering, where the hacker team took the time to learn how the CEO and the controller communicate. The emails were written as if the actual CEO had written them. That is why the controller did not suspect foul play.
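The lookalike domain in this case was one letter off from the real one, which is exactly the kind of difference a person skims past but a mail filter can measure. The following is an added example (not code from Domain Consulting Group or the firms involved) of a defender-side check that flags inbound mail whose sender domain is within a small edit distance of the organisation’s real domain, or whose display name matches an executive while the address is external. The domain names, executive name and message headers are constructed placeholders.

```python
"""Flag lookalike sender domains and display-name impersonation on inbound
mail. Added defensive example; all domains, names and headers below are
constructed placeholders, not values from the incident."""
from email.utils import parseaddr

# Assumption: the organisation's real mail domain(s) (placeholder value).
LEGITIMATE_DOMAINS = {"acme-builders.com"}
# Assumption: display names of executives most likely to be impersonated.
EXECUTIVE_NAMES = {"ceo name"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum insertions, deletions and substitutions
    needed to turn a into b (a transposition counts as two edits)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def parse_from(from_header: str) -> tuple[str, str]:
    """Split a From: header into (display name, sender domain), lower-cased."""
    name, addr = parseaddr(from_header)
    return name.strip().lower(), addr.rpartition("@")[2].lower()


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Return one of: 'internal', 'lookalike', 'display-name-spoof', 'external'.

    'lookalike' means the domain is not ours but differs from one of ours by
    at most max_distance characters (one swapped letter, a missing hyphen,
    a transposed pair). 'display-name-spoof' means the visible name matches
    an executive but the address is not from our domain at all."""
    name, domain = parse_from(from_header)
    if not domain:
        return "external"
    if domain in LEGITIMATE_DOMAINS:
        return "internal"
    if any(edit_distance(domain, legit) <= max_distance
           for legit in LEGITIMATE_DOMAINS):
        return "lookalike"
    if name in EXECUTIVE_NAMES:
        return "display-name-spoof"
    return "external"


# Constructed sample headers covering each verdict.
SAMPLE_HEADERS = [
    "CEO Name <ceo@acme-builders.com>",        # genuine internal sender
    "CEO Name <ceo@acme-bui1ders.com>",        # digit 1 replaces letter l
    "CEO Name <ceo@acme-buliders.com>",        # two letters transposed
    "CEO Name <ceo.acme@webmail.example>",     # executive name, outside domain
    "Bank Support <noreply@somebank.example>", # ordinary external mail
]


def triage(headers):
    """Classify each header; anything not 'internal' or 'external' should
    be held for a phone call before money moves."""
    return [(h, classify_sender(h)) for h in headers]


if __name__ == "__main__":
    for header, verdict in triage(SAMPLE_HEADERS):
        print(f"{verdict:20s} {header}")
```

A distance threshold of 2 catches single substitutions and transpositions without sweeping in unrelated short domains; tune it against your own domain length, and treat a "lookalike" or "display-name-spoof" verdict as a trigger for out-of-band confirmation of any payment request, which is the control that would have stopped the transfer described above.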
Domain was able to obtain a name and phone number associated with the registered account, but was not able to confirm the information when we contacted VistaPrint.
Since the incident, Domain has logged a case with the FBI and is working diligently with the customer to improve and optimize their network security.