Shark Tank Star Corcoran Loses $400K in Email Scam


A US TV personality star has fallen victim to a classic email fraud scam, leaving them with a loss of almost $400,000. The fraudster convinced Barbara Corcoran’s bookkeeper to wire funds to a new bank account.

Multi-millionaire Barbara Corcoran describes herself as an “NYC real estate queen” and is one of the investors on popular show Shark Tank. Last week, however, she took to Twitter with the brief message, “Lesson learned: Be careful when you wire money!”

The error was made by her bookkeeper, who had been tricked into wiring the $388,000 funds into an Asian bank, according to reports. The culprit reportedly spoofed the email address of Corcoran’s assistant and instructed her to wire the funds to a German company called FFH Concept.

It is unclear whether this was a legitimate supplier or a new organisation. However, the scammer apparently responded to an initial query for more information with an in-depth explanation about the invoice. This just shows how much effort they put into research Corcoran’s business.

This incident is similar to the business email compromise (BEC) or CEO fraud scams that netted scammers a colossal $1.8 billion last year. This accounted for half of all reported cybercrime losses. According to the FBI, this is up from approximately $1.3 billion in 2018.

Peter Goldstein, CTO and co-founder of Valimail, argued that firms cannot rely on human intuition alone to put a stop to these types of scams.

“The phishing scam impacting Corcoran’s company clearly debunks the myth that phishing emails are easy to spot. Many companies invest in employee security training to prevent this kind of attack, but as this incident proves, humans are not able to identify malicious emails reliably,” he added.

“Hackers leverage impersonation and heavily researched social engineering tactics to appear as trustworthy senders, and their fraudulent messages are often indistinguishable from legitimate ones.”

Goldstein recommended investing in technologies that have the ability to validate and authenticate sender identity. It is reported that the email address used by the hacker was almost identical to the one belonging to Corcoran’s assistant. The only difference was that a single “o” was missing. This is a common tactic used to fool recipients.

Join us for IDM Europe 2020

Join Whitehall Media’s prestigious 8th Identity and Access Management Europe conference as we address the increasing complexity of IAM, the value in centralisation of authentication methods, the rise in identity ownership initiatives, the role of disruptive technologies in supporting IAM processes and the latest trends and techniques being deployed to protect the enterprise eco-system from attack.