We were recently almost victims to a phishing attack. If it weren’t for a processing error we would have been out almost $40,000. We thought we had great security processes at the time, but realized that we needed something more. The fact of the matter is, scammers are getting increasingly savvy with their schemes. We need to be on defense with the best security out there. That is why we added Microsoft 365 Security for our team.
I wanted to share this cautionary tale to show you two things. First, how complex and well thought out these schemes are. And second, how Microsoft 365 could have helped us avoid the entire situation.
On August 10, 2017, Brian Hines (Innovia’s CFO) got a fraudulent email from someone pretending to be me. Someone did their research on Innovia. They knew who I was and who Brian was. And they bought the domain lnnovia.com spelled with a lowercase “L” which looks very similar to a lowercase “I”. The phisher (pretending to be me) wrote a message to Brian asking for $38,500 to be wire transferred to the account that he attached. This email was well crafted and resembled our email design, he was even able to replicate our Innovia signatures. The email is so well crafted that Brian didn’t even raise an eyebrow when he received it.
While you can tell the letter is an “L” by looking at it closely. It is not something that most people would catch unless they were purposefully looking for it. That’s an advantage of Microsoft 365, the software can catch a discrepancy like this when we might miss it.
Side note: Since this incident occurred we have now bought the domain lnnovia.com so no one can do this to us again.
As you might expect Brian, being the great guy that he is, replied with a simple “Of course”.
Our procedure for a wire transfer is simple, Brian fills out a form with the ABA number (aka the routing number), vendor name and signs it personally before sending it off to the wire transfer department at our bank. He also CC’s the email to me. Once the bank receives it they have to call Mary Beth or I to confirm the transfer. We have a secret pass-code that we have to say to confirm the transaction. In addition, we have to tell them the amount based off the transfer document that we receive.
Following that process, Brian takes this and prepares our wire transfer document as shown below. Which if you’re keeping score you will realize that this is the first time I actually see anything related to this. Now Brian was on vacation at the time so he was unable to add his signature as he normally does. This made me raise my eyebrows a little when I received the document but I approved it anyway.
A couple of minutes later I get the phone call from the bank. Since I trust Brian and assume the expense was from him I approved the transaction.
About 5 minutes later, I started thinking about this further. Wondering who this David L Bishop guy is. So I went into our accounting system to find out more. And he was nowhere to be found. At this point I call Brian and asked who this guy is. Brian replied “I don’t know, you sent me an email asking to transfer this wire.” I reply, “No I didn’t”. It is at this point that we realize that something fishy is going on. Brian sent me the original email he got and I quickly realized that we were being scammed. I called the bank as fast as I could to see if we could cancel the transfer but it was too late.
Luckily for us, the bank called us back about 5 minutes later. It turns out there was an error processing the transaction with the Federal Reserve because the account number was incorrect. The funny part of this whole story is they went to all this trouble to scam us but then messed up at the most important step. It almost makes me wonder if this attack came from someone we know who was trying to teach us a lesson in security.
So what did we learn from this unsuccessful attack? I learned that phishing schemes are very real. We assumed that our systems and processes were secure enough to prevent us from an attack. But we found out that this was not the case. We decided not to push this with the FBI though because we were just too busy at the time.
After this incident occurred, we decided it was time to increase our security at Innovia. So we added Microsoft Advanced Threat Protection. Which stops and analyzes improper email addresses. It is designed to secure the borders, to keep our secure information from going out and preventing other people from coming in and taking the data. The software scans emails coming in and makes sure they are legitimate. In the event that they are not, the software will either reject the email from entering Outlook entirely or send it straight to your junk folder. Microsoft Advanced Threat Protection is a key component of Microsoft 365.
We also added Azure Information Protection Plan 1 which tells us if something is being sent inappropriately. This searches for keywords such as “Bank Transfer” and “SWIFT” in emails we send. I recently sent an email with this type of information to an insurance company. I immediately got a notification email telling me that I had just sent wire transfer instructions. The cool thing about this is it actually allows you to stop that email from being sent if you decide that your financial information should not be going out. You can also use it to make sure you have managerial approval before an employee sends out sensitive information.
With Azure Information Protection Plan 1 we also get Microsoft 365 encryption. With the push of a button, you can encrypt the information on any email you send. This is helpful to add another layer of protection when you are sending sensitive information.
Really this is just touching the surface of the ways Microsoft 365 can secure your business. I hope you will be proactive and protect your business before an attack happens. I also recommend making sure every single employee at your company has Microsoft 365 protection. Because hackers are always looking for that weak link in your defense. Don’t give them that option.
Microsoft 365 is actually a very affordable option for your business. Contact our team today at firstname.lastname@example.org or by phone at 800.834.7700 to learn more about how affordable it is. Or save yourself a step and get started on your own today.