Phishing Story #4: The Barbara Corcoran Shark Tank Scam

What Happened?

In 2020, "Shark Tank" judge Barbara Corcoran became a victim of a sophisticated email phishing scam, losing $388,700. The scam involved an email address closely resembling that of Corcoran's assistant, with a fake invoice from FFH Concept GmbH, a German company, for real estate renovations—a plausible transaction given Corcoran's real estate dealings. The bookkeeper, deceived by the email's authenticity, authorized the transfer. The fraud was only detected when the bookkeeper subsequently contacted Corcoran's actual assistant. The scam emails were later traced to a Chinese IP address​​.

The Impact

This incident is a stark reminder of the growing complexity of phishing scams. The attackers meticulously planned the scam, utilizing techniques like conversation hijacking and domain impersonation. They had extensively researched Corcoran's real estate investments and business operations in Germany to make the attack convincing. This scam is part of a larger trend in real estate scams and Business Email Compromise (BEC) attacks, which have been increasing both in frequency and sophistication​​.

Lessons Learned

The scam illustrates the critical need for heightened awareness and scrutiny in email communications, especially those involving financial transactions. Cybercriminals often exploit the identities of trusted individuals or entities to execute their fraudulent schemes. Verifying the authenticity of unusual or unexpected financial requests, particularly those involving wire transfers, is essential.

Tips for Businesses

1. Educate Employees: Train staff to recognize, handle, and report phishing and BEC attacks.

2. Implement Protection Technologies: Use tools that can detect and prevent business email compromise and other impersonation attacks.

3. Monitor for Suspicious Activities: Be vigilant for abnormal logins or IP addresses, indicating possible account compromise.

4. Establish Verification Procedures: Create and enforce policies for confirming the legitimacy of email requests for financial transactions, especially for wire transfers​​ (easiest one to put in place).

Recovery Efforts

The specifics of the recovery efforts for the funds lost in this phishing scam are not detailed in the sources we accessed. Recovering funds in such cases is often a complex and challenging process.

Sources

Yahoo Finance: "Shark Tank" Host Barbara Corcoran Loses $380,000 In Email Phishing Scam, 2020​​.

Barracuda Blog: Lessons from Shark Tank star Barbara Corcoran's $400,000 phishing scam loss, 2020

Inc.com: Barbara Corcoran Lost Nearly $400,000, and It Shows the Real Risk of Email Phishing Scams, 2020​​.