“Phishing” is the word used for the now-ubiquitous scams that try to pry money and personal information out of anybody being careless online. “Spear-phishing” is the term used for the more artful and dangerous practice of directed scams—the kind that can steal $8 million with a single email. Which is exactly what happened recently to magazine publisher Condé Nast.
It all started with an email last November from a man allegedly named Andy Surface to the accounts payable department of Condé Nast, which publishes Wired, Vogue, and many other popular magazines. The email provided a bank account number and asked Condé Nast to send its printing payments to the new account from now on. Because this new account was for Quad Graph, and Condé Nast’s printer is a company called Quad/Graphics, everything looked legitimate, which is why a company employee signed the request and began funneling payments.
By late December, the publishing company had paid Surface $8 million. But on December 30, the real Quad/Graphics asked Condé Nast why they hadn’t been paid since mid-November. So the company scrambled to reverse a $36,000 payment it was about to send and then apparently contacted the federal government to investigate the matter.
Lucky for Condé, Surface remarkably hadn’t withdrawn any of the $8 million before the U.S. Secret Service froze the account’s money. And now, according to the story first reported by Forbes, the publishing giant is part of a Manhattan forfeiture lawsuit as it tries to get its money back. (Due credit to Condé properties Wired and Ars Technica for reporting and carrying the story, respectively.)
As for Surface, he actually hasn’t been charged with a crime yet, though Forbes discovered that a man named Andy Surface pleaded no contest to “terroristic threat of family/household” in December. No word yet on whether email was also the medium of choice.