*Gaurav, a finance manager in a multinational company, rose to attention one Monday morning as he received an email from *Shephali, the company’s chief financial officer (CFO). The email directed him to urgently make a payment of $10,476 toward an attached invoice to a Cyprus-based vendor. Gaurav instantly initiated the process, bypassing some of the usual vendor checks as it was urgent and approved by his CFO. Later that week, only when he met Shephali for a monthly meeting, did he realise that the email was not sent by her and that they had been defrauded.
Thereafter, a pursuant investigation revealed that the email came through from a domain which looked very similar to the one belonging to the company. In fact, the perpetrator had just replaced the letter “m” with “rn”. The findings revealed that the email server for the fake domain was hosted in The Netherlands, using a lesser-known cloud service provider.
The hacker had bought a cloud instance for a mere $10 and created his own email server using some of the well-known open source libraries available for free. He then identified his targets, using their social media profiles, which clearly stated details of their company, designation, location and their connections. Subsequently, the hacker destroyed the cloud instance or email server moments after receiving the payment, leaving no trace of the cybercrime.
To read more, click here