How $50,000 can be stolen through your email account

One of the most persistent (and inaccurate) truisms of hacking and cyber theft is the idea that only the inexperienced are targeted and successfully hacked.

Nothing could be further from the truth. The truth is *everyone* is targeted. Everyone is targeted because the gating factor for a hacker is not so much the technical intelligence of the target but something far more mundane — the operating system of their computer(s). Hackers cast a very wide net. Even the most connected techies fall for the same, dumb ploys.

We thought of this the other day after reading a ‘Medium’ piece by Adam Draper. Draper’s work Gmail account was hacked and he wrote about it. While logged into his account, Draper’s hacker generated a fake invoice for $50,000 worth of office furnishings and emailed it to Draper’s accountant. The accountant, used to doling out chunks of money to incubate startups OK’d by Draper or to cover operating costs of Draper’s Bitcoin incubator Boost, didn’t think much about the request and followed the invoice’s instructions to wire $50,000 to a bank in Chicago. Sure, $50,000 for new office furnishings was a little outside the norm, but not far enough to cause the accountant to confirm with Draper before sending the wire. After all, the request came from Draper’s email account and, by the looks of things, had all of Draper’s signature email tics.

You know what happened next. A $50k wire was withdrawn from the account and sent to a bank in Chicago, TCF. From there, the money was sent out of the country in smaller chunks. Wells Fargo, Draper’s bank, was unable to claw back the funds and Boost ended up $50,000 short.

Sounds like your average bank account hack, right? The kind we hear about all of the time, right?


But what makes it different is the target, Adam Draper. Adam Draper is the son of Timothy Draper – the man who founded the respected Silicon Valley venture firm, Draper, Fischer and Jurvetson. DFJ is a pioneer – the first VC firm to focus solely on tech. Adam Draper is a 3rd generation tech VC after his father and grandfather! One would be hard pressed to search Silicon Valley and find anyone more technically in-the-know.

Even so, Draper’s email account was compromised – it appears through a simple phishing attack. Yet, because Draper had been logging into Boost’s Wells Fargo account on that computer, all of his information was there for the taking. From there, the hack was child’s play.

Moral of the story: Everyone is targeted and no one is immune.

If you use a smartphone or desktop computer for online bank transfers then you put your trust in a gaggle of different software packages to work together securely. But your weekly security updates prove you were not secure. BankVault solves this problem, by bypassing the endpoint device you use for banking. Whatever you do online is secure, anonymous and untraceable from endpoint hackers. Your banking credentials remain safe using BankVault.

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on print
Share on email