Publishing giant Condé Nast was a victim of a not-too-sophisticated phishing operation, sending $8 million over six weeks to a man posing as one of their regular suppliers. When we think of people who fall victim to this kind of scam, we tend to think of naive individuals, but this story goes to show that you even corporate accountants can be duped with the right mix of chutzpah and tech savvy.
According to the court document, last November Condé Nast's accounts payable department received an e-mail (PDF) that purported to come from Quad/Graphics, the company that prints Condé Nast magazines. The e-mail instructed Condé Nast to send payments for its Quad/Graphics account to a bank account number provided in the e-mail, and included an electronic payments authorization form. The e-mail indicated the account was for Quad Graph, a name similar to the real printer's name.
Someone at Condé Nast apparently signed the form and sent it back to a fax number listed in the e-mail, then began making electronic transfer payments to the bank account specified by the scammer. Between Nov. 17 and Dec. 30, the company wired $8 million to the Quad Graph account before a query around Dec. 30 from the real printer, Quad/Graphics, asking about outstanding bills, prompted Condé Nast to investigate the matter. The company was apparently able to reverse at least one transfer of about $36,000 back to its JPMorgan Chase account, though the court document doesn't indicate when that occurred.
Read the full story at Ars Technica.