With all the press about phishing and hacking and social engineering, you have to ask, “Why Do People Phish?” Certainly state actors like Russia and North Korea have political objectives. But they aren’t after me. Why do people phish average businesses and people?
A recent prosecution in Virginia makes it clear why people phish — it’s the money!
Yesterday (March 6, 2018), Olajide Abraham Eyitayo of Hempstead, NY, pleaded guilty to stealing more than $1.1 in a phishing scam. The particular scam he used was what the FBI calls a Business Email Compromise. The FBI describes the scam:
The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.
Mr. Eyitayo pretty much followed this script. He researched his intended victim. He then sent an email to the victim, an automobile dealers association. In this email he impersonated the association’s travel vendor. Mr. Eyitayo, in the guise of the travel vendor, told the association to update its wire transfer instructions. Of course, the new payment instructions transferred funds to Mr. Eyitayo, not the real vendor. Thinking that it was paying its real travel vendor, the association wired Mr. Eyitayo three payments totaling more than $1.1 million.
Mr. Eyitayo now awaits sentencing for wire fraud. He faces a maximum penalty of 20 years in federal prison.