We are constantly reminded that no one is immune when it comes to cyber-crime.

On February 27, 2020, Forbes reporter Rachel Sandler posted breaking news about how Shark Tank’s Barbara Corcoran was swindled out of $380,000 by the lowest form of cyber fraud: a spear phishing scam.

The scam…

  • The scammers used an email address that looked like it belonged to Corcoran’s assistant, but was misspelled by one letter.
  • The email contained a fake invoice from FFH Concept GmbH—a legitimate German company—for $388,700.11 for real estate renovations, which didn’t raise any alarms because Corcoran invests in real estate.
  • Thinking nothing was suspicious, the bookkeeper wired the money to the account listed in the email.
  • The scam was only uncovered when the bookkeeper copied Corcoran’s actual assistant on a reply to the original invoice.

The important lesson…

This type of scam is called a spear phishing attack. These fake emails use specific language to target a single organization or person in order to dupe recipients into sending money or personal information. It’s a common method employed by hackers against large businesses. According to a recent report by cybersecurity firm Cybint, 62% of companies experienced phishing or social engineering attacks in 2018.

The simple cyber safety steps the team needs to know…

1. When anyone asks you to send money or personal information, carefully check the email address. Verify the request with another member of the team before making payment.

2. Most phishing emails will start with “Dear Customer”, so be on high alert when you come across these emails. When in doubt, go directly to the source rather than clicking a potentially dangerous link.

3. Install an anti-phishing toolbar. These toolbars run quick checks on the sites visited and compare them to lists of known phishing sites. The toolbar sends out an alert when a malicious site is reached. Anti-virus software and firewalls are also recommended.

4. Make sure the site’s URL begins with “https” and that there is a lock icon near the address bar.

5. Beware of “pop-ups” which masquerade as legitimate components of a website but are often phishing attempts. Don’t click “cancel” on the pop-up as that may lead directly to the phishing site. Instead click on the X in the upper right-hand corner.

6. Never give out personal information over the internet.

7. New scams are being developed all the time. Ongoing security awareness training and simulated phishing for all users are highly recommended. Keep cyber security top of mind.


VANTREO is here to help. If you have a question on cyber protection or anything else, just reply here!