Independent Educational Consulting Firm Hacked

Recently, Domain received a call from an independent educational consulting firm that was not a client at the time. They called concerning an attack on the firm’s website. As a result of the hack, their domain name was being marked as spam by internet users, including their own clients. Because of this, their reputation with existing clients was damaged.

Their website, hosted by a third party and using WordPress as the content management system (CMS), had indeed been hacked. The hacker used their website to send out a large number of phishing emails, including some purporting to come from several different banks.

In response to the call from the firm, Domain used our experience to clean up the site and domain name. We moved their services (web and email) to more reputable servers and services. We also locked down access to WordPress and continued monitoring their site to ensure there are no more surprises.

Construction Firm Conned by Social Engineering

One evening, as Domain was ready to close its doors for the day, an existing client called to explain an event that seemed unusual.

The event began when the controller received an email from the CEO asking her to prepare a wire transfer to a company for the amount of $18,700. Instead of naming a company, the email asked for the transfer to go to an actual person with a bank and home address in Texas. The email request included the account number and routing number.

The controller asked the CEO which bank account to use for the transfer. The controller didn’t think twice when the CEO responded by telling her to use an alternative bank, name, account number and address. She did not pick up on this red flag and continued to prepare the transfer.

While preparing the wire transfer on the bank’s online portal, the controller emailed the CEO to let her know that the transaction was ready for approval. The CEO responded that she was too busy to approve the transfer and that the controller should seek approval from someone else in the organization. Once again, the controller did not pick up on this red flag. After she discovered that nobody else could approve the transfer, she asked the CEO for her credentials again.

The controller eventually began to email the actual CEO of the firm, who confirmed that she had never requested such a transaction. Once it became apparent that something was wrong, they got on the phone to discuss this series of email transactions.

They then contacted the onsite IT administrator, who contacted Domain immediately.

As soon as they contacted Domain, we started to do some research. We discovered that the hacker set up a separate domain name using a free-for-one-month service through VistaPrint. The domain name looked so similar to the firm’s true domain name that the controller never even noticed – it was off by a single letter.

In this instance, the hack and attempted fraud required two elements. One, a hacker with the expertise to establish a bogus domain. Two, social engineering where the hacker team took the time to learn how the CEO and the controller communicate. The hacker wrote the emails as if the actual CEO had written them. That is why the controller did not suspect foul play.
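A mail-side check for the one-letter-off sender domain described above, as an added example that is not part of the original write-up. The domain names and sender names are constructed placeholders, and the threshold of one edit is an assumption taken from the "off by a single letter" detail.

```python
from email.utils import parseaddr

# Assumption: the organisation's real mail domain (constructed placeholder).
TRUSTED_DOMAINS = {"acmebuilders.example"}

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent letters swapped counts as a single edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike', 'external' or 'invalid' for a From: value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    # Not ours, but within one edit of ours: the pattern from this incident.
    if any(edit_distance(domain, real) <= max_distance for real in trusted):
        return "lookalike"
    return "external"

def flag_lookalikes(from_headers):
    """Return the From: values that should be quarantined or bannered."""
    return [h for h in from_headers if classify_sender(h) == "lookalike"]

# Constructed sample From: headers, not taken from the incident.
SAMPLE_FROM = [
    '"Jane Doe" <jane.doe@acmebuilders.example>',   # real domain
    '"Jane Doe" <jane.doe@acmebuilbers.example>',   # one letter substituted
    '"Jane Doe" <jane.doe@acmebuidlers.example>',   # two letters swapped
    'Bank Alerts <alerts@bank.example>',            # unrelated external sender
]

if __name__ == "__main__":
    for header in SAMPLE_FROM:
        print(f"{classify_sender(header):9}  {header}")
```

The same comparison can be run against newly registered domains to spot a lookalike before it is used in mail.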

Domain obtained a name and phone number associated with the registered account, but VistaPrint did not confirm the information when we contacted them.

Since the incident, Domain has logged a case with the FBI and continues to work diligently with the customer to improve and optimize their network security.