Owners of a large venture capital fund approached the HackControl team with the following issue: they had not received confirmation from their partner after wiring funds from their bank account.
Two days after the assumed payment transaction, the venture fund realized that their partner had stopped responding to their emails and so had decided to get in touch with them. Employees of the partner were not aware of the payment details from the venture fund. Moreover, the partner claimed that they had received an email from the fund with a request to send money over to a third-party company. As a result, the partner sent money to the company instead of the fund.
As soon as the problem had been discovered, the management team of the fund asked HackControl specialists to assist with the case. Firstly, we analyzed their correspondence and a quick overview showed that employees of the fund and the partner had exchanged emails with a fake email account. Hackers bought similar domain names and created avery similar email address.
How did they do that? Easy: they used the number “0” in the fake domain instead of the letter “O”. Thus, [email protected] was forged and replaced with [email protected] The employees of the fund and the partner didn’t pay any attention to it (why should they?) and continued their correspondence with the intruder.
HackControl experts recommended the partner send a chargeback request immediately to their bank. We also helped them establish a safe communication channel between the partner and the fund.
Our specialists managed to get information on the domains used by the attackers and to identify the network equipment that was used for the malicious actions described above. The data collected during the investigation was transferred to the client and the law enforcement agencies.
After the investigation, the fund ordered a company security service which included an audit of the company’s security and a check of their security policies. Additionally, for their staff, we carried out training on how to resist phishing attacks. As a result, overall company security protection was improved as well as the security awareness of the employees..