pliny | 2 years ago

The secret challenge exists and it is the phone number / email address / VC account of CFO. If CFO wants to order EMPLOYEE to send money, then EMPLOYEE should only do the action after making an outgoing call to CFO.

hn_throwaway_99|2 years ago

100% agree. "Hang Up, Look Up, Call Back" should be made into a jingle and absolutely hammered into the culture of, at this point, literally everyone (given all the scams that occur targeted both toward consumers and employees): https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-lo...

mr_toad|2 years ago

The scammers make up some “plausible” reason that the CEO can’t talk on the phone.

makeitdouble|2 years ago

Where it hurts is it can be a PITA to get hold of the CFO from the mere employee side, especially as the CFO was UK based.

Basically, it was a well-thought-out and well-executed scam that perfectly fit the employee's situation.

dools|2 years ago

The CFO was on the call. You just say "cool I'm sending a 4 digit code to your mobile phone, read it back to me".

greenyoda|2 years ago

> it can be a PITA to get hold of the CFO from the mere employee side

I'm guessing that someone who can authorize a $25M transaction is fairly high up in the corporate hierarchy, not that many levels away from the CFO.

TrackerFF|2 years ago

I don't know enough about this, but would it be possible for the scammers to hijack the SIM swapping?

That is, the scammer manages to get ahold of the SIM card / phone number of the CFO, and be on the receiving end if/when a worker calls the CFO up.

Weakest link would probably be to compromise some telecom worker, so that this can be orchestrated.

agilob|2 years ago

Make a twist and call my wife, not me.

aussieguy1234|2 years ago

This will work, until some determined actor SIM-swaps the CFO in advance.