Conde Nast Sent $8 Million To A Scammer After A Single Email
from the financial-controls? dept
Apparently it’s not that hard to scam a big company out of millions of dollars these days. You can just send a single email, pretending to be from a vendor of that company. That’s apparently what a guy named Andy Surface discovered when he set up a bank account for an operation he called “Quad Graph,” likely designed to be similar to Quad/Graphics, the giant printing company that prints many big name magazines. He then sent a single email to magazine giant Conde Nast, leading the magazine company to send that new account $8 million:
In early November, Conde Nast received an “Electronic Payment Authorization? form by email at its offices in … New York. The form appeared to have been sent by Quad/Graphics. The form requested that Conde Nast direct payments for Quad Graphics to the Quad Graph Account, and provided account information. Conde Nast filled out the form and returned it by facsimile from its offices in … New York to the facsimile number provided in the form. Following Conde Nast’s receipt of the “Electronic Payment Authorization” form, Conde Nast started making payments for Quad/Graphics bills by ACH transfer from a Conde Nast account with JPMorgan Chase Bank in New York to the Quad Graph Account.
The whole thing was discovered when the actual printer noticed that it was no longer getting paid and asked Conde Nast what was up. Conde Nast went to the feds, who arrested the guy and amazingly discovered that all $8 million was still sitting in the bank account.
Filed Under: electronic payments, email, scams
Companies: conde nast
Comments on “Conde Nast Sent $8 Million To A Scammer After A Single Email”
Funniest thing I’ve read all day.
Also if he didn’t spend any of it maybe it won’t be SO bad for him… Still real bad though.
Wait...
Doesn’t Conde Nast own Wired and Ars Technica…?
If so… This just became x10 funnier if computer nerds got duped by a scammer…
Re: Wait...
Add Reddit and Webmonkey to that. Although they’re primarily a magazine publisher.
http://en.wikipedia.org/wiki/Cond%C3%A9_Nast_Publications
Re: Wait...
To be fair, I doubt they run their bills by Bruce Schneier.
Although they obviously should.
Re: Wait...
Unfortunately, the persons responsible for completing/checking the paperwork on this are not computer geeks regardless of which publication they support. These are accountants and finance clerks. They can crunch the numbers with the best of them, but take from me, they are clueless when it comes to stuff like this. I work for a fairly large IT orginization. We handle everything from simple colocation to custom security solutions. Our finance/accounting teams are computer stupid some days.
Re: Wait...
actually, it looks like they’re just the publisher. And wired wrote on this earlier.
http://www.wired.com/threatlevel/2011/04/condenast-hooked-by-spear-phisher/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29
Re: Re: Wait...
“Just” the publisher? Do you know what it means to be the “publisher” of a magazine?
He should have put a rush order on his application for a passport and visa to Brazil.
This "Electronic Payment Authorization Form"
Does anyone have a copy of it? I’d like to send it to a few periodicals and see what comes back. The NYT in particular seems to have a few extra million to burn.
Perfect opportunity missed
Would have been even funnier if he donated it all to Reddit (mega-popular website owned by conde nast that is in serious need of funding for more servers)
Hi, my name is Mambutu and I am from Quad Graph. Please Western Union 8 million dollars to my account in Nigeria. Thank you very much.
Re: Re:
Sounds legit, but I’m from Quint Graph, we’re 1 graph better and need 9 million.
Re: Re: Re:
I’m from Qyantum Graph and I require half of your monthly profits to protect you from your lawyers.
Neat, I learn more about the place I work from the internet than I do from actually working there…
Irony?
I find it ironic(?) that any number of the banner ads displayed around this aritcle are probably scams.
Re: Irony?
You mean like the Arkansas tourist info one? Or the umpteen billion Microsoft ones? While I fully agree with you that Microsoft is scam, are you trying to say that Arkansas isn’t real?
Which of course brings up the question of what exactly are you seeing in your ads? Have you been to bad places on the ‘net? Maybe they just go you pegged. 🙂
Re: Re: Irony?
Every time a see you folks talking about those things(i.e. ads and buttons) I can’t help but think about unicorns.
I always ask myself what ads? what buttons? where?
Re: Re: Re: Irony?
I have actually changed how my adblocker works. On the main page of the top 12 sites I visit (what I have in my speeddial on firefox), I leave ads turned on. As soon as I click through to an article, though, I get no more flashy banners. Personally I think it is the best of both worlds. Sites get the views, I get to read the articles I want in detail without distraction.
Re: Re: Re:2 Irony?
Interesting idea. Personally, I get all my news via RSS/Twitter feeds though, so I almost never visit the home pages anyway. But, I like the idea in general.
That said, I’d have no need for adblock if the people that ran the ads would take the time to make sure they are good. Even with all the profiling and such on the web, I’d still say less than 1% of ads appeal to me; having them load is a complete waste of time over 99% of the time.
Re: Re: Re:3 Irony?
Almost forgot; on top of being wildly mis-targeted, they are often equally annoying (flashing, animations, flash, etc). Google is the only advertiser that got it right (text only) and even they are straying from that principle now.
Re: Re: Re: Irony?
Thank You AdBlock/NoScript
Re: Re: Irony?
Trust me. I live in Arkansas. It’s not real.
Re: Re: Re: Irony?
I live in Arkansas and I have no clue what you are talking about. All I see are IBM, SAP, Capital One and American Express ads…
Back to topic, it is of my opinion that this is one example of why companies should not outsource spam filtering. There is just no 3rd party out there that can guarantee that every legit email is sent, and every non-legit email is filtered.
Granted, mistakes can happen in house, but at our company, we are running, at most, a rate of 1-2 spam per month that actually make it to the end users inbox, and emails like this one would be caught, questioned, and actual phone calls made before any paperwork is filled out.
Sometimes, there is just no substitute for “hey…wtf is THAT?!?!”
Re: Irony?
Banners? Ads?
There are ads on the Internet?
What is this? 1998?
Re: Re: Irony?
Only if you work in America, apparently.
Re: Re: Irony?
Oh yes you are so awesome. You hid the ads. Please go steal…I mean borrow…I mean it is an infinite good so just take it and place it on your hard drive.
Re: Re: Re: Irony?
I didn’t hide anything. I merely prevented the site from executing a bunch of needless crap and loading a truckload of stuff from other servers that I don’t want or need. And the only benefit they present me is a slowed down browser and 90% of the browser window covered in flashing ads. Yay! Go ads!
Re: Re: Re: Irony?
Oh yes you are so awesome. You hid the ads. Please go steal..
Typical copyright supporter. We need to get rid of these people.
Re: Re: Re: Irony?
You know, if your business model can be thwarted by a script, it may not be the best model out there.
Since trademark enforcement is often viewed with a skeptical eye around here, I thought I’d mention that this is one reason why companies get uncomfortable about similar trademarks and domain names.
Too much
In the late 90s some guy scammed SONY, out Co. and several others out of several mil of vieo gear by pretending to be a NATO general in England. He showed up to meetings in a limo w NATO flags on the fenders. No uniform.