How to Scam $8 Million Dollars in Three Easy Steps

Wednesday, April 06, 2011



How complex does a scheme have to be in order to scam millions of dollars out of a large company? Apparently it is as simple one, two, three.

Publishing giant Conde Nast, the owner of well known magazine titles such as Vogue, GQ, and Glamour, was the target of a nearly successful scam to pilfer about $8 million dollars in assets.

The operation was quite simple:

  • The scammer, Andy Surface, opened a bank account at the Alvin, Texas branch of a  Compass Bank using the name "Quad Graph", which resembles "Quad/Graphics", a company which frequently does business with the publisher
  • Surface then sent an email to Conde Nast with an Electronic Payment Authorization requesting that subsequent payments for services rendered by Quad/Graphics be deposited in the faux bank account
  • Conde Nast personnel approved the Electronic Payment Authorization authorizing their bank to redirect payments

The tidy sum of about $8 million was deposited in the fraudulent account and another registered in Surface's own name over a six week period.

Fortunately, the staff at Quad/Graphics contacted Conde Nast to inquire why they had not received payment for printing services.

Conde Nast alerted federal authorities, and the Secret Service froze the account before the scammer could withdraw any funds.

“What's most frightening is the fact that this isn't just an unknowing private citizen being duped by a phony Facebook friend. This is a multibillion dollar corporation that clearly did not do its homework," said Paul Henry, a forensics and security analyst at Lumension.


Possibly Related Articles:
Email Phishing fraud scam Banking Headlines Conde Nast
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.