Phisher Hooks Condé Nast, Reels in $8 Million

ID THREATPOST:B6F318488735540B9290E8F0D62D015D
Type threatpost
Reporter Brian Donohue
Modified 2013-04-17T20:08:57


Condé Nast was baited in a phishing scam that netted a Texas man nearly $8 million in company funds, according to published reports.

to a complaint filed in Manhattan District Court by the U.S. Attorney’s
Office last week, the publishing giant was fooled by a single phishing e-mail sent by a spear phisher, posing as a legitimate business by the name of Quad/Graphics. Condé Nast uses Quad/Graphics to print their various magazines, including Wired, GQ, Vogue, Glamour and the New Yorker, to name a few.

The e-mail, which included an electronic payment authorization form to be made out to a company called Quad Graph, was sent to Condé Nast’s accounts payable department. That was enough to fool an employee, who signed off on the invoice. Between November 17 and December 30, Condé Nast wired some $8 million dollars to an account associated with the fraudulent firm. It wasn’t until the real Quad/Graphics contacted the company regarding an outstanding bill that Condé Nast realized its mistake.

authorities froze the account receiving these payments on January 9,
before the fraudster, identified as Andy Surface of Alvin Texas, could
withdraw any funds. Surface reportedly incorporated Quad Graph using his
home address in Alvin, Texas before opening the account.

Spear phishing is in the headlines these days, with news of a successful phishing attack on employees at RSA, the Security Division of tech giant EMC, and the recent breach of email marketing giant Epsilon.