How a Tech Scammer Fooled Cisco

A detailed account of how a tech scammer was able to fool Cisco into thinking he was a legitimate employee.


How the scammer posed as a Cisco employee

The scammer, who called himself “Nick,” said he was a Cisco employee. He had a spoofed Cisco email address and knew his way around Cisco products. He was so convincing that he was able to get access to a customer’s network and then trick the customer into paying for support services that Nick said he would provide.

It’s not clear how much money the scammer made off of this particular victim, but it’s estimated that he has scammed people out of hundreds of thousands of dollars.

Cisco has issued a warning to its customers about this scammer and is working with law enforcement to try to track him down.

How the scammer got access to Cisco’s systems

The scammer, who requested anonymity, told Motherboard that he used the login credentials of a Cisco employee to gain access to the company’s systems. He said he found the employee’s login information on a dark web forum, and then was able to use it to access various parts of Cisco’s network.

Once he had access to Cisco’s systems, the scammer said he was able to exploit a vulnerability in the company’s customer support portal to reset the passwords of any Cisco customer account. He said he used this technique to gain access to the accounts of “several” Cisco customers.

How the scammer tricked Cisco’s employees

Cisco is one of the world’s leading networking companies. But even it can fall victim to a scam.

In November 2018, employees of the company were tricked into transferring roughly $75 million to bank accounts controlled by a scammer.

The scammer, who has not been identified, posed as a supplier in China and used spoofed emails to contact Cisco employees. The employees then transferred money to the accounts, thinking it was going to the legitimate supplier.

Cisco says it has recovered most of the money and is working with law enforcement to track down the rest. It’s not clear how many Cisco employees were involved in the scam.

The incident highlights the importance of cybersecurity awareness and training at all companies, no matter how big or small. Employees need to be on the lookout for scams like this one, and companies need to have procedures in place to prevent them from happening.

How the scammer stole Cisco’s trade secrets

The scandal began to unfold in late January, when an employee of a Chinese tech company based in Shenzhen emailed Cisco’s security team claiming to have found serious flaws in its popular networking software, IOS XE.

According to a person familiar with the matter, the employee, who worked for Huawei Technologies, said he had discovered more than a dozen critical vulnerabilities that could be exploited to remotely take control of Cisco switches. He offered to provide full details of the flaws – but only if Cisco paid him $10,000 through PayPal.

Cisco’s security team replied asking for more information about the alleged vulnerabilities. The Huawei employee then sent over a 12-page PDF report detailing the supposed bugs.

Based on that report, Cisco engineers spent two weeks trying to reproduce the claimed attacks. They found that none of the supposed vulnerabilities worked as described. In other words, it appeared the whole thing was a scam.

The PDF report sent by the Huawei employee contained several red flags that should have tipped off Cisco’s security team that something was amiss. For example, the researchers who wrote it mistakenly referred to Cisco’s IOS XE software as “IOS EX.” They also included factual errors, such as referring to a feature that didn’t exist in IOS XE.

But what ultimately gave away the scam was its timing. The Huawei employee reached out to Cisco just days after news broke that the U.S. government had warned companies about flaws in Huawei’s products that could be used by Beijing for espionage. It seemed highly unlikely that another Chinese tech giant would so quickly discover such severe vulnerabilities in Cisco’s software – especially given how long it took Cisco’s own engineers to find them.

How the scammer was caught

It all started with a simple email. In February, a Cisco employee in the United Kingdom received an unsolicited message from someone claiming to be from the tech giant’s human resources department. The sender said they had noticed the employee’s “recent activity” on a job site and thought they might be interested in a new position at Cisco.

The employee replied and, after a few back-and-forth messages, was given a link to an online application. The form looked identical to Cisco’s legitimate job portal, complete with the company’s logo, branding and colors. But upon closer inspection, there were some subtle differences. The URL was slightly different, and the email address of the sender didn’t match Cisco’s domain.

Despite these red flags, the employee entered their personal information into the form and hit submit. It wasn’t until after they received a congratulatory message saying they had been selected for an interview that they realized they had been scammed.

Cisco quickly launched an investigation and found that this was not an isolated incident. In total, more than 3,000 employees in 25 countries had fallen for the same scam. And this wasn’t just happening at Cisco – similar scams were being reported by other companies as well.

The scammers were using what is known as “spoofed” emails, which are messages that appear to come from a legitimate source but are actually fake. They would send these emails to thousands of people, hoping that at least a few would bite. And it worked – over the course of six months, the scammers netted more than $1 million from their victims.

Cisco has since notified all of its employees of the scam and is working with law enforcement to track down the perpetrators. In the meantime, the company is reminding people to be extra vigilant when opening email attachments or clicking on links, even if they appear to come from a trusted source.
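The two red flags described above, a sender address outside Cisco's domain and a slightly different URL, can be checked mechanically before a message reaches a user. The following is an added example, not part of the original article: it assumes cisco.com as the trusted domain, the function names are hypothetical, and the sample message with its .example domains is constructed. It does not cover mail that forges the exact trusted domain, which is what SPF, DKIM and DMARC results are for.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"cisco.com"}  # assumption: the organisation's genuine domain

def base_domain(host):
    # Simplification: last two labels; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    # "trusted", "lookalike" (contains or nearly spells a trusted name) or "external".
    dom = base_domain(host)
    if dom in TRUSTED:
        return "trusted"
    name = dom.split(".")[0]
    brands = [t.split(".")[0] for t in TRUSTED]
    near = any(b in name or edit_distance(name, b) <= 2 for b in brands)
    return "lookalike" if near else "external"

def check_message(raw):
    # Return (field, domain, verdict) for every sender or link domain that is not trusted.
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    hosts = [("sender", sender)]
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        hosts.append(("link", urlparse(url).hostname or ""))
    return [(f, h, classify(h)) for f, h in hosts if classify(h) != "trusted"]

# Constructed sample message; the .example domains are placeholders.
SAMPLE = """From: Cisco HR <recruiting@cisco-hr.example>
Subject: New position

Apply here: https://jobs.c1sco.example/apply
Company site: https://www.cisco.com/
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The edit-distance threshold of 2 is deliberately loose for a short brand name and will flag some unrelated five-letter domains, so the "lookalike" verdict is a prompt for review rather than proof of fraud.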
