Project Veritas announced on Monday that it was defrauded out of $165,000 after being targeted by hackers.
James O’Keefe, the group’s founder, said that scammers posing as the group’s attorneys were able to convince his team to transfer funds out of their bank account.
“So we received an invoice for $165,000 from a few of our attorneys and we intended to pay that invoice so we set up wire transfers for payment,” O’Keefe says. “Within an hour the lawyers reached out to us asking us to pay the invoice via a new account they had set up.”
O’Keefe further claims that the hackers appeared to be monitoring his correspondence with his actual attorneys before interjecting with a similar-looking email account.
“They actually impersonated the actual name of our lawyer, changing a few letters in the email address, replying in real-time to an email chain with our actual attorneys,” O’Keefe added. “It appears the fraudsters were watching, waiting for an invoice to be sent to us and then pounced, impersonating them, replying to a real email as the lawyer’s name the moment the invoice came.”
The hack appears to be what is known as a Business Email Compromise (BEC) or Email Account Compromise (EAC) attack. The FBI describes such attacks as sophisticated scams “targeting both businesses and individuals performing transfers of funds.”
“The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds,” the FBI explained in a report last year.
The FBI says it received 19,369 BEC complaints in 2020 alone, representing a loss of more than $1.8 billion in funds.
But that wasn’t the only attack Project Veritas claims to have been targeted by. O’Keefe goes on to state that his organization had also been hit with Denial-of-Service (DoS) attacks. Specifically, O’Keefe says the attackers made numerous $50,000 donations to the company and then requested a refund, which would force Project Veritas to pay processing fees.
The attacks came just days after Project Veritas’ New York headquarters was flooded by Hurricane Ida.
This week’s top technology stories
*First Published: Sep 13, 2021, 12:13 pm CDT
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.