A spear phisher managed to reel in a prize catch last year with a single hook when media giant Condé Nast took the bait and wired $8 million to his bank account after he posed as a legitimate business, according to a news account.
The alleged swindler failed to withdraw any funds before federal authorities intervened and froze the money, but the case highlights how little effort a scammer needs to invest in order to get a big payday.
A Condé Nast representative said the company could not comment on a pending investigation. Condé Nast publishes Wired magazine and Wired.com, as well as Vogue, The New Yorker, GQ and Glamour.
Information about the scam appeared in a forfeiture lawsuit filed March 30 in Manhattan by the U.S. Attorney's office for the Southern District of New York in an attempt to retrieve the money for Condé Nast. It was first reported by Forbes.
The filing seeks the funds for forfeiture on grounds that they are allegedly proceeds from wire fraud and money laundering crimes.
According to the court document, last November Condé Nast's accounts payable department received an e-mail (.pdf) that purported to come from Quad/Graphics, the company that prints Condé Nast magazines.
The e-mail instructed Condé Nast to send payments for its Quad/Graphics account to a bank account number provided in the e-mail, and included an electronic payments authorization form. The e-mail indicated the account was for Quad Graph, a name similar to the real printer's name.
Someone at Condé Nast apparently signed the form and sent it back to a fax number listed in the e-mail, then began making electronic transfer payments to the bank account specified by the scammer.
Between Nov. 17 and Dec. 30, the company wired $8 million to the Quad Graph account before a query around Dec. 30 from the real printer, Quad/Graphics, asking about outstanding bills, prompted Condé Nast to investigate the matter. The company was apparently able to reverse at least one transfer of about $36,000 back to its JPMorgan Chase account, though the court document doesn't indicate when that occurred.
According to the court filing, a man named Andy Surface allegedly opened the scam bank account last September at a branch of BBVA Compass Bank in Alvin, Texas. Surface had allegedly incorporated his business name with the county clerk's office before opening the bank account, identifying his home address in Alvin as the location of the business.
During December, about $84,000 of the $8 million was transferred from the Quad Graph account into another account bearing Surface's own name, but no money was withdrawn from either account before federal authorities got wind of the operation. They obtained a federal seizure warrant on Jan. 10 to freeze the funds until they could file the forfeiture lawsuit to retrieve them.
Surface has yet to be charged with any crime related to the scam, but Forbes dug up a previous charge against someone with the same name and address who pleaded no contest in December to "terroristic threat of family/household.”
The U.S. Attorney's office declined to comment.
Photo: The Conde Nast Building in Times Square, New York, Jan. 12, 2007. Bebeto Matthews/AP
