Shark Tank star Barbara Corcoran was hacked; attackers stole $380k with a phishing email

Nowadays anyone can fall victim to an information security incident, regardless of their occupation, social status or income level. According to a recently revealed report, Barbara Corcoran, star of the TV show Shark Tank, was the victim of a phishing scam in which she lost nearly $400k USD to hackers.

Apparently, the attackers used an email with a typo imperceptible to the naked eye, which was enough to deceive the staff of the renowned businesswoman.

It all started a few days ago, when Corcoran’s accountant, identified as ‘Christine’, received an email apparently sent by ‘Emily’, the businesswoman’s personal assistant. In the message, the accountant was instructed to make an electronic transfer of $388,700 USD to a firm called FFH Concept GmbH. Although nothing in the message appeared abnormal, the people involved were about to compromise their information security, as the email was not actually sent by Corcoran’s assistant.

“Lesson learned”; the message posted on Corcoran’s Twitter account

In some way that has not been determined, the threat actors got Emily’s email address. Subsequently, the attackers created a new email address very similar to Emily’s, changing only one letter. Although Corcoran’s accountant asked some questions related to the bank transfer, the hackers seemed to be aware of the victim’s business, as they managed to deceive those involved.

Reports confirm that Barbara Corcoran does invest in real estate, and there is a German company called FFH dedicated to that industry, so the scam seemed credible.

According to an information security firm, Christine authorized the transaction and subsequently contacted Emily. This time she wrote to the assistant’s real account, which is how they became aware of the fraud and detected the fraudulent email address. The incident was reported to authorities and, while the money has disappeared, authorities and the bank hope to be able to trace the transaction using the IP address of the phishing message.

The International Cyber Security Institute (IICS) notes that phishing remains one of the most widely practiced electronic fraud variants, due to the ease of deploying a fraudulent campaign, the low amount of resources required and the degree of effectiveness of an attack.