author photo
By Bruce Sussman
Tue | Mar 3, 2020 | 11:33 AM PST

The stars of ABC's "Shark Tank" television show have a way of turning small investments into huge returns.

So maybe we shouldn't be surprised by the luck of "Shark Tank" investor Barbara Corcoran.

She got phished and sent $388,000 to cybercriminals—and then got her money back!

What happened in Barbara Corcoran's phishing attack?

Corcoran tweeted about the attack and linked to an article on it.

shark-tank-phishing-tweet2

People Magazine talked to Corcoran about what happened:

"I lost the $388,700 as a result of a fake email chain sent to my company. It was an invoice supposedly sent by my assistant to my bookkeeper approving the payment for a real estate renovation. There was no reason to be suspicious as I invest in a lot of real estate."

The bookkeeper continued to communicate with whom she thought was Corcoran's assistant and went ahead with the wire payment on Tuesday.

The error wasn't noticed until the bookkeeper sent a follow up to Corcoran's assistant's actual address, informing her of what she had just done. That's when the company became aware of the scam and the assistant noticed the hacker had altered her email.

The cybercriminals had done two things really well: they had altered the email address of Corcoran's assistant by a single letter, so at a glance, it seemed to be coming from her. 

And the hacker created a realistic looking invoice in the name of a legitimate German company.

The Daily Mail shared that invoice:

shark-tank-phishing-attack-what-happened

Based on what seemed to be legitimate information, the bookkeeper wired the requested payment to the hacker's account.

How did the 'Shark Tank' star get her money back from hackers?

According to Q13 News in Seattle, it was about 24 hours after the wire transfer that Corcoran and her team knew they'd been scammed. 

"In a twist of good fortune, she said that the German-based bank the bookkeeper used to wire the money froze the transfer before it was deposited into the scammer's bank account in China. Corcoran said her bank asked the German bank to freeze the transaction so her team could prove it was a fraud."

According to Chris McMahon of the U.S. Secret Service, this was more about timing than anything else, because money stolen in this way usually makes a stop or two on its way to where criminals can withdraw the money from their bank.

That means the sooner you report the crime, the better your odds of getting some or all of the money back. If you go past 72 hours, chances are high that criminals have taken your money to the intended destination and it is gone for good.

'Shark Tank' star's cyberattack was a BEC scam

This type of phishing attack falls into the Business Email Compromise (BEC) category of cybercrime. The U.S. government says BEC has cost organizations and individuals around the world $26 billion in losses between 2016 and 2019.

"BEC is rampant right now," says Christopher McMahon, Special Agent with the U.S. Secret Service, who we interviewed at a SecureWorld cybersecurity conference.

"The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise attack is nearly $130,000. That kind of math explains why BEC is a crime which puts every type of organization at risk."

And this crime is not committed by some hacker in a hoodie eating hot Cheetos in their mom's basement; it is part of the enterprise business model of cybercrime. Listen to our podcast on this subject:

In Corcoran's case, she revealed to the Daily Mail that she was targeted by this type of crime about six months ago and thinks this was a repeat:

"Her team had traced the IP address back to a 'Chinese outfit,' which she also believes was the perpetrator of the previous attack. 'It was a beautifully executed scam by a Chinese outfit—I suspect it was the same one that tried the first time,' she said."

Irony of 'Shark Tank' star's phishing attack

Beyond the obvious play on words here of a shark getting phished, some in the Twitterverse noticed a special irony in this case:

shark-tank-phishing-tweet1

"Ah, if only there were someone on 'Shark Tank' who knows about cybersecurity and could raise awareness among their co-stars about this type of email scams," tweeted @frenchmailman.

Someone, as in 'Shark Tank' co-star Robert Herjavec who owns a well-known cybersecurity firm, Herjavac Group.

Comments