The security firm Check Point Research has revealed details of a $1.3 million cyberheist that began with simple phishing emails. The Florentine Banker cybercrime group launched phishing campaigns against three UK private equity firms, hoping to pull off a wire transfer theft.
The phishing emails were sent to high-ranking executives at the private equity firms, including CEOs and CFOs. The thieves gained control of officials’ email accounts and stayed hidden for months, monitoring their targets to observe how they conducted business. Then the thieves crafted websites designed to look like the sites of companies involved in email chains with their targets. They used their access to email inboxes to start new conversations and continue existing ones, convincing their targets that the messages were genuine.
At that point, the cybercriminals substituted their own banking information for that of an authorized company and tricked executives into confirming the transactions.
Florentine Group’s modus operandi is to continue monitoring the situation, Check Point said. “If the bank rejects the transaction due to a mismatch in the account currency, beneficiary name or any other reason, the attackers are there to fix the rejects until the money is in their own hands,” the firm said. The strategy earned the cybercriminals $1.3 million in stolen funds.