YeOldeStonecat
Well-Known Member
- Reaction score
- 6,405
- Location
- SE Connecticut and SW Florida
This past week, had a couple of clients receive CEO Fraud e-mails.
CEO Fraud similar to the ones that got into Ubiquiti and some other big tech company a month ago...that caused the loss of millions.
When I check the headers....the e-mails originate from various servers at secureserver....which is the backend of GoDaddy.
Some snippets from the headers....the GMail addresses and massshipping domain are not mine...but part of the originating addresses or under the spoofing reply to address.
p3plwbeout12-04.prod.phx3.secureserver.net
.wbe@email12.secureserver.net>
anetrob@massshipping.us
ceomanagement4@gmail.com>
Below is a copy of the initial e-mail
**********************************************************************************************
"Karen,
I will want you to transferred out from our business account (BOA). Kindly go ahead to initiate the bank Wire transfer on my behalf today and process the transfer as instant payment to the beneficiary account. Because it is very URGENT and confidential.
Here is the information for the Wire bank transfer:
BENEFICIARY NAME: [removed]
SORT CODE: 779508
ACCOUNT NUMBER: 88861668
IBAN: GB52LOYD77950888861668
BANK NAME: LLOYDS BANK PLC
BANK BIC: LOYDGB21
BRANCH: HIGH ST GILLINGHAM (779508)
BRANCH BIC: J93
ADDRESS: CSC DEPT 9508 ESSEX CM11JS
Amount: $15,320
The payment is for a project we are sponsoring. I will have the documentations ready before the end of the day.
NOTE: I'm still waiting for the hard cover of the invoice in order to know where to code this transaction, hopefully I should receive it later today or tomorrow, Reference it as donation which I will reimburse by Next week, Please note there is an incoming transfer coming soon, I will let you know when the beneficiary company get in touch with me. Get back to me with a copy of the payment slip via email once you get the Wire transfer done. "
***************************************************************************************************
And it was signed by the boss of my client. Although not her normal Outlook graphic signature.
The scammers did their homework.....the e-mail was spoofed under the bosses name, and it was sent to their head accountant girl.
What had me wondering though.....we register our clients at the wholesale arm of GoDaddy...SecurePayNet. No services other than domain registration are there. No e-mail. And the actual DNS records are managed at RackSpace. Could just be a coincidence and global harvesting of info from GoDaddy that the spammers..err..hackers...are using.
CEO Fraud similar to the ones that got into Ubiquiti and some other big tech company a month ago...that caused the loss of millions.
When I check the headers....the e-mails originate from various servers at secureserver....which is the backend of GoDaddy.
Some snippets from the headers....the GMail addresses and massshipping domain are not mine...but part of the originating addresses or under the spoofing reply to address.
p3plwbeout12-04.prod.phx3.secureserver.net
.wbe@email12.secureserver.net>
anetrob@massshipping.us
ceomanagement4@gmail.com>
Below is a copy of the initial e-mail
**********************************************************************************************
"Karen,
I will want you to transferred out from our business account (BOA). Kindly go ahead to initiate the bank Wire transfer on my behalf today and process the transfer as instant payment to the beneficiary account. Because it is very URGENT and confidential.
Here is the information for the Wire bank transfer:
BENEFICIARY NAME: [removed]
SORT CODE: 779508
ACCOUNT NUMBER: 88861668
IBAN: GB52LOYD77950888861668
BANK NAME: LLOYDS BANK PLC
BANK BIC: LOYDGB21
BRANCH: HIGH ST GILLINGHAM (779508)
BRANCH BIC: J93
ADDRESS: CSC DEPT 9508 ESSEX CM11JS
Amount: $15,320
The payment is for a project we are sponsoring. I will have the documentations ready before the end of the day.
NOTE: I'm still waiting for the hard cover of the invoice in order to know where to code this transaction, hopefully I should receive it later today or tomorrow, Reference it as donation which I will reimburse by Next week, Please note there is an incoming transfer coming soon, I will let you know when the beneficiary company get in touch with me. Get back to me with a copy of the payment slip via email once you get the Wire transfer done. "
***************************************************************************************************
And it was signed by the boss of my client. Although not her normal Outlook graphic signature.
The scammers did their homework.....the e-mail was spoofed under the bosses name, and it was sent to their head accountant girl.
What had me wondering though.....we register our clients at the wholesale arm of GoDaddy...SecurePayNet. No services other than domain registration are there. No e-mail. And the actual DNS records are managed at RackSpace. Could just be a coincidence and global harvesting of info from GoDaddy that the spammers..err..hackers...are using.