Uncle Sam seeks to claw back $5M+ stolen from trade union through spoofed email

The US Justice Department is seeking permission to recover more than $5 million worth of funds stolen from a trade union by business email compromise (BEC) scammers. An unnamed group of cyber scumbags defrauded an unidentified union in Dorchester, Massachusetts, out of $6.4 million – $5.3 million of which has been traced to …

  1. DS999 Silver badge

    Email differed by one character

    This is a problem that could be easily fixed in email clients. If you get an email from a 'new' address, make sure that fact is highlighted. That way you can't be fooled by someone trying to spoof via a similar address, even Unicode-based attacks where another version of an 'a' that looks identical couldn't pass that by.

    So if the person responsible for wire transfers got an email that was highlighted in yellow so they knew it was from a new address, they would have immediately known it was a scam. Failing to accept that email address would result in subsequent emails being highlighted in red (substitute your own colors or method of making sure the fact the email address is not already known to the client).

    There are obviously ways to fully spoof email addresses, though thankfully that has been getting more and more difficult to accomplish due to various measures taken in mail servers over the past decade or two (SPF, DMARC, etc.). Now clients need to start addressing gaps on their end.

    Even the average person could benefit from this, if they see one of those spam emails telling you that your Amazon Prime renewal could not be processed and you need to update your payment methods they would have the potential to consider the possibility of it being a scam since it would show up as a new email address rather than being from one of the Amazon addresses you'd already approved.
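
A sketch of the first-seen-sender flag proposed in the comment above, added here as an example and not code from the commenter or from any mail client. It goes one step beyond the comment by also reporting which approved address a new sender resembles (one character different, or a Unicode look-alike); the class and function names, the addresses and the small confusables table are assumptions constructed for illustration.

```python
import unicodedata

# Constructed sample of look-alike characters (Cyrillic and dotless i); a real
# client would need the full Unicode confusables data, which is not embedded here.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "\u0131": "i"}

def skeleton(addr):
    """Fold case, compatibility forms and the sample confusables to plain ASCII."""
    folded = unicodedata.normalize("NFKC", addr).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def within_one_edit(a, b):
    """True if a and b differ by at most one inserted, deleted or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # equal, or one substitution at i
    return a[i:] == b[i + 1:]           # one extra character in b at i

class SenderBook:
    def __init__(self, approved):
        self.approved = {a.strip().casefold() for a in approved}
        self.unaccepted = set()          # seen before, never accepted by the user

    def classify(self, sender):
        """Return (flag, resembles): flag is 'known', 'yellow' or 'red'."""
        addr = sender.strip().casefold()
        if addr in self.approved:
            return ("known", None)
        resembles = next((k for k in sorted(self.approved)
                          if within_one_edit(skeleton(addr), skeleton(k))), None)
        flag = "red" if addr in self.unaccepted else "yellow"
        self.unaccepted.add(addr)
        return (flag, resembles)

    def accept(self, sender):
        addr = sender.strip().casefold()
        self.unaccepted.discard(addr)
        self.approved.add(addr)

if __name__ == "__main__":
    book = SenderBook(["manager@example-invest.com"])   # constructed address
    for s in ["manager@example-invest.com", "manager@examp1e-invest.com",
              "manager@examp1e-invest.com", "m\u0430nager@example-invest.com"]:
        print(s.encode("unicode_escape").decode(), book.classify(s))
```

The flag is keyed on the envelope of addresses the user has accepted, so it complements server-side SPF and DMARC checks, which a correctly configured look-alike domain will pass.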

    1. MachDiamond Silver badge

      Re: Email differed by one character

      "This is a problem that could be easily fixed in email clients. If you get an email from a 'new' address, make sure that fact is highlighted. "

      There's also the change in bank accounts that should raise a flag. This scam has been used on people buying new homes when the perp sends the home buyer a new account to wire the funds to and uses an email layout cloned from the solicitor's office.

      When important things change, there should be a whole workflow that utilizes voice calls, approvals and verification. If somebody sent me new banking information for a big transfer, I'd not just take an email, text or PM on that. I'd call them up with a number I already have and talk to somebody I know. I might even call the main business line and ask to be put through just in case I'm suspicious that the person might have left the company and the number I have is their mobile number.

      Some will never learn. It's like retail shops that leave money in the register overnight. Not just once, but multiple times.

    2. Gene Cash Silver badge

      Re: Email differed by one character

      I'd be happy if email clients just showed the goddamned email address at all.

      I've had problems where I email my co-workers from home to notify them that I won't be able to come in, then that "poisons" their contacts so when they email me again, my home address comes up instead of my corporate address, so they end up sending sensitive information to my personal address.

      Of course this is Microsoft Outlook.

  2. Anonymous Coward
    Facepalm

    Email address can be spoofed :o

    > The crims behind it spoofed the investment manager's email address – the domain was almost identical to their genuine address but for a single character.

    If only there was a way of digitally signing email addresses, that came as default in the email transport system.

    1. DS999 Silver badge
      FAIL

      Re: Email address can be spoofed :o

      It sounds like you're trying to be ironic, but there is no such method of digitally signing email addresses that comes as default.

      Based on this post, and your other one saying "why don't they just fix the defects in the OS platform" it seems like you are full of "simple solutions" that only a simpleton could think would work.

      1. Anonymous Coward
        Boffin

        Re: Email address can be spoofed :o

        A PKI public directory where the name and email is digitally signed. The sent emails are also digitally signed. On receipt of an email the client contacts the directory and compares the sent digital signature to the one on the directory. If they're different then the email is rejected. Yes, I know it's more complicated than that but I can't be bothered looking it up.

        Alphabet net income for the quarter ending March 31, 2024 was $23.662 billion.

  3. Marty McFly Silver badge
    Facepalm

    Just for some context...

    In 2022-2023 the federal government spent $6.134 Trillion. This $5 million 'claw back' represents 26 seconds of federal government spending.

    So other than a news article to distract us from the real issues, this recovered money is the total sum of nothing in the big picture.

  4. Cav Bronze badge

    Oh dear...

    It's the DOJ trying to recover funds for an external trade union, held in foreign banks. The $6.134 Trillion is not relevant. The DOJ are carrying out THEIR ROLE, in trying to obtain funds for the union, not for the government. Or are you seriously saying that public funds should be used to just give the union $5 million because it represents a small amount of government expenditure? Can we all just ask the government for $5 million?
