Hacker News new | past | comments | ask | show | jobs | submit login

This was the real breach. Bank account numbers, company letterhead, the CFO's signature, these were all gathered before any attack took place!



Bank account numbers weren't leaked - the scammers simply requested the payments be rerouted to a different account. The letterhead could likely be easily reverse engineered, and I doubt the University rep knew what to look for, and the CFO's signature also doesn't carry any weight - any decent signature font could duplicate that signature (especially a digital one).

I agree with the original comment - how did these scammers gain the knowledge that these transactions were ongoing, and know exactly who to target?


If you know that a university is doing construction, then you know they're paying someone. It's not hard to know a university is doing construction because it will be reported on, they will have had to gain permission to do so, and you can just drive by and see the construction. Once you know that, then you just need to figure out the name of the companies involved. That should be simple: often construction companies will put up a sign, or you can just ask some people on site.

That's assuming no prior knowledge, in which case it would be even easier.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: