Conde Nast Sent $8 Million To A Scammer After A Single Email

from the financial-controls? dept

Mon, Apr 4th 2011 7:01pm — Mike Masnick

Apparently it's not that hard to scam a big company out of millions of dollars these days. You can just send a single email, pretending to be from a vendor of that company. That's apparently what a guy named Andy Surface discovered when he set up a bank account for an operation he called "Quad Graph," likely designed to be similar to Quad/Graphics, the giant printing company that prints many big name magazines. He then sent a single email to magazine giant Conde Nast, leading the magazine company to send that new account $8 million:

In early November, Conde Nast received an "Electronic Payment Authorization� form by email at its offices in ... New York. The form appeared to have been sent by Quad/Graphics. The form requested that Conde Nast direct payments for Quad Graphics to the Quad Graph Account, and provided account information. Conde Nast filled out the form and returned it by facsimile from its offices in ... New York to the facsimile number provided in the form. Following Conde Nast's receipt of the "Electronic Payment Authorization" form, Conde Nast started making payments for Quad/Graphics bills by ACH transfer from a Conde Nast account with JPMorgan Chase Bank in New York to the Quad Graph Account.

The whole thing was discovered when the actual printer noticed that it was no longer getting paid and asked Conde Nast what was up. Conde Nast went to the feds, who arrested the guy and amazingly discovered that all $8 million was still sitting in the bank account.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: electronic payments, email, scams
Companies: conde nast

31 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 4 Apr 2011 @ 7:06pm

Funniest thing I've read all day.

Also if he didn't spend any of it maybe it won't be SO bad for him... Still real bad though.
[ link to this | view in chronology ]
Jay (profile), 4 Apr 2011 @ 7:13pm

Wait...
Doesn't Conde Nast own Wired and Ars Technica...?

If so... This just became x10 funnier if computer nerds got duped by a scammer...
[ link to this | view in chronology ]
- dc, 4 Apr 2011 @ 7:24pm
  
  Re: Wait...
  Add Reddit and Webmonkey to that. Although they're primarily a magazine publisher.
  
  http://en.wikipedia.org/wiki/Cond%C3%A9_Nast_Publications
  [ link to this | view in chronology ]
- ChurchHatesTucker (profile), 4 Apr 2011 @ 7:27pm
  
  Re: Wait...
  To be fair, I doubt they run their bills by Bruce Schneier.
  
  Although they obviously should.
  [ link to this | view in chronology ]
- Another AC, 4 Apr 2011 @ 7:28pm
  
  Re: Wait...
  Unfortunately, the persons responsible for completing/checking the paperwork on this are not computer geeks regardless of which publication they support. These are accountants and finance clerks. They can crunch the numbers with the best of them, but take from me, they are clueless when it comes to stuff like this. I work for a fairly large IT orginization. We handle everything from simple colocation to custom security solutions. Our finance/accounting teams are computer stupid some days.
  [ link to this | view in chronology ]
- Anonymous Coward, 4 Apr 2011 @ 8:17pm
  
  Re: Wait...
  actually, it looks like they're just the publisher. And wired wrote on this earlier.
  http://www.wired.com/threatlevel/2011/04/condenast-hooked-by-spear-phisher/?utm_source=feedburner& amp;utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%2 9
  [ link to this | view in chronology ]
  - PopeRatzo (profile), 4 Apr 2011 @ 8:37pm
    
    Re: Re: Wait...
    actually, it looks like they're just the publisher.
    "Just" the publisher? Do you know what it means to be the "publisher" of a magazine?
    [ link to this | view in chronology ]
Anonymous Coward, 4 Apr 2011 @ 7:56pm

He should have put a rush order on his application for a passport and visa to Brazil.
[ link to this | view in chronology ]
Capitalist Lion Tamer (profile), 4 Apr 2011 @ 8:08pm

This "Electronic Payment Authorization Form"
Does anyone have a copy of it? I'd like to send it to a few periodicals and see what comes back. The NYT in particular seems to have a few extra million to burn.
[ link to this | view in chronology ]
Anonymous Coward, 4 Apr 2011 @ 8:41pm

Perfect opportunity missed
Would have been even funnier if he donated it all to Reddit (mega-popular website owned by conde nast that is in serious need of funding for more servers)
[ link to this | view in chronology ]
Pixelation, 4 Apr 2011 @ 10:11pm

Hi, my name is Mambutu and I am from Quad Graph. Please Western Union 8 million dollars to my account in Nigeria. Thank you very much.
[ link to this | view in chronology ]
- Anonymous Coward, 4 Apr 2011 @ 10:18pm
  
  Re:
  Sounds legit, but I'm from Quint Graph, we're 1 graph better and need 9 million.
  [ link to this | view in chronology ]
  - The eejit (profile), 5 Apr 2011 @ 12:45am
    
    Re: Re:
    I'm from Qyantum Graph and I require half of your monthly profits to protect you from your lawyers.
    [ link to this | view in chronology ]
Anonymous Coward, 5 Apr 2011 @ 3:38am

Neat, I learn more about the place I work from the internet than I do from actually working there...
[ link to this | view in chronology ]
JPHeindel, 5 Apr 2011 @ 4:11am

Irony?
I find it ironic(?) that any number of the banner ads displayed around this aritcle are probably scams.
[ link to this | view in chronology ]
- senshikaze (profile), 5 Apr 2011 @ 4:42am
  
  Re: Irony?
  You mean like the Arkansas tourist info one? Or the umpteen billion Microsoft ones? While I fully agree with you that Microsoft is scam, are you trying to say that Arkansas isn't real?
  
  Which of course brings up the question of what exactly are you seeing in your ads? Have you been to bad places on the 'net? Maybe they just go you pegged. :)
  [ link to this | view in chronology ]
  - Anonymous Coward, 5 Apr 2011 @ 4:50am
    
    Re: Re: Irony?
    Every time a see you folks talking about those things(i.e. ads and buttons) I can't help but think about unicorns.
    
    I always ask myself what ads? what buttons? where?
    [ link to this | view in chronology ]
    - senshikaze (profile), 5 Apr 2011 @ 7:04am
      
      Re: Re: Re: Irony?
      I have actually changed how my adblocker works. On the main page of the top 12 sites I visit (what I have in my speeddial on firefox), I leave ads turned on. As soon as I click through to an article, though, I get no more flashy banners. Personally I think it is the best of both worlds. Sites get the views, I get to read the articles I want in detail without distraction.
      [ link to this | view in chronology ]
      - Anonymous Coward, 5 Apr 2011 @ 10:50am
        
        Re: Re: Re: Re: Irony?
        Interesting idea. Personally, I get all my news via RSS/Twitter feeds though, so I almost never visit the home pages anyway. But, I like the idea in general.
        
        That said, I'd have no need for adblock if the people that ran the ads would take the time to make sure they are good. Even with all the profiling and such on the web, I'd still say less than 1% of ads appeal to me; having them load is a complete waste of time over 99% of the time.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 5 Apr 2011 @ 10:55am
        
        Re: Re: Re: Re: Re: Irony?
        Almost forgot; on top of being wildly mis-targeted, they are often equally annoying (flashing, animations, flash, etc). Google is the only advertiser that got it right (text only) and even they are straying from that principle now.
        [ link to this | view in chronology ]
    - BearGriz72 (profile), 5 Apr 2011 @ 12:03pm
      
      Re: Re: Re: Irony?
      Thank You AdBlock/NoScript
      [ link to this | view in chronology ]
  - Anonymous Coward, 5 Apr 2011 @ 7:12am
    
    Re: Re: Irony?
    Trust me. I live in Arkansas. It's not real.
    [ link to this | view in chronology ]
    - Anonymous Coward, 5 Apr 2011 @ 9:29am
      
      Re: Re: Re: Irony?
      I live in Arkansas and I have no clue what you are talking about. All I see are IBM, SAP, Capital One and American Express ads...
      
      Back to topic, it is of my opinion that this is one example of why companies should not outsource spam filtering. There is just no 3rd party out there that can guarantee that every legit email is sent, and every non-legit email is filtered.
      
      Granted, mistakes can happen in house, but at our company, we are running, at most, a rate of 1-2 spam per month that actually make it to the end users inbox, and emails like this one would be caught, questioned, and actual phone calls made before any paperwork is filled out.
      
      Sometimes, there is just no substitute for "hey...wtf is THAT?!?!"
      [ link to this | view in chronology ]
- Anonymous Coward, 5 Apr 2011 @ 4:53am
  
  Re: Irony?
  Banners? Ads?
  
  There are ads on the Internet?
  
  What is this? 1998?
  [ link to this | view in chronology ]
  - The eejit (profile), 5 Apr 2011 @ 5:13am
    
    Re: Re: Irony?
    Only if you work in America, apparently.
    [ link to this | view in chronology ]
  - Anonymous Coward, 5 Apr 2011 @ 5:16am
    
    Re: Re: Irony?
    Oh yes you are so awesome. You hid the ads. Please go steal...I mean borrow...I mean it is an infinite good so just take it and place it on your hard drive.
    [ link to this | view in chronology ]
    - Anonymous Coward, 5 Apr 2011 @ 5:42am
      
      Re: Re: Re: Irony?
      I didn't hide anything. I merely prevented the site from executing a bunch of needless crap and loading a truckload of stuff from other servers that I don't want or need. And the only benefit they present me is a slowed down browser and 90% of the browser window covered in flashing ads. Yay! Go ads!
      [ link to this | view in chronology ]
    - Anonymous Coward, 5 Apr 2011 @ 12:21pm
      
      Re: Re: Re: Irony?
      Oh yes you are so awesome. You hid the ads. Please go steal..
      
      Typical copyright supporter. We need to get rid of these people.
      [ link to this | view in chronology ]
    - Bt Garner (profile), 5 Apr 2011 @ 10:33pm
      
      Re: Re: Re: Irony?
      You know, if your business model can be thwarted by a script, it may not be the best model out there.
      [ link to this | view in chronology ]
Anonymous Coward, 5 Apr 2011 @ 8:52am

Since trademark enforcement is often viewed with a skeptical eye around here, I thought I'd mention that this is one reason why companies get uncomfortable about similar trademarks and domain names.
[ link to this | view in chronology ]
Bobo Bolinski, 14 Dec 2011 @ 9:28pm

Too much
In the late 90s some guy scammed SONY, out Co. and several others out of several mil of vieo gear by pretending to be a NATO general in England. He showed up to meetings in a limo w NATO flags on the fenders. No uniform.
[ link to this | view in chronology ]