A Texas man who got Conde Nast to pay him $8 million last year by sending a single email has relinquished the money, a first step toward giving it back. It's unclear whether he'll face any charges, but the agreement he signed with a Manhattan court is distinctly not an admission of guilt, reports Forbes's William T. Barrett.
Barrett broke the story on April 3 in a pun-filled post about how Condé Nast had been taken for a ride in a "spear-phishing" scam. (Unlike regular old phishing attacks, which use mass email requests for sensitive information like bank passwords, spear-phishing targets specific people, usually under the guise of someone they already know.) Texan Andy Surface wrote to the publisher's accounts receivable last November, posing as the printer Quad/Graphics, with whom Conde Nast contracts. He included an invoice and an electronic payment mechanism, and requested the $8 million payment to a bank account listed under the name Quad Graph.
Some $8 million was wired from a JP Morgan Chase account to Texas before Quad/Graphics–the actual printer–called on December 30 to ask where its money was. A panicked Condé Nast quickly contacted federal authorities. They found $7.92 million–nearly the full amount wired–sitting in two accounts at the BBVA Compass Bank branch in Alvin. The U.S. Attorney’s Office in Manhattan got a court order to seize the money, following that up with the civil forfeiture lawsuit alleging wire fraud that formed the basis for the Forbes story.
Surface this week signed a waiver giving up the money, so it's destined for a return to Condé Nast. He could face fraud charges, but it would be a complicated federal case. Condé Nast may decide to take its money and go back about its business instead of calling any more attention to the embarrassing security breach.
This article is from the archive of our partner The Wire.