Dark Reading is part of the Informa Tech Division of Informa PLC


7/2/2020
02:30 PM
Chenxi Wang

Anatomy of a Long-Con Phish

A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.

(Continued from previous page)

I fully expected that I would not hear a word back. To my surprise, he responded rather quickly:

My information was indeed removed from their website after that. But I was perplexed. Why would a scammer take time to respond to me and comply with my request?

My friend Aviv Raff, a cybersecurity expert, thinks that Poddar and his accomplice are patiently playing out their long con. "They are still trying to build their reputation," Raff said. "Their game is bigger than you or any other individual." 

In the ensuing weeks, Foxhog ventures, Budding Beats, and the associated Facebook pages have been quite busy. I watched Foxhog jump from one fake managing partner to another, often within the span of a week or two. As recently as 20 days ago, Foxhog venture's Facebook page featured an ad looking for summer interns.

I learned in follow-on conversations with my LinkedIn informant that Poddar had offered jobs to unsuspecting college students to work at his "venture firm." When these candidates found out that he did not have a real company and quit, he would threaten them with legal actions for "illegally quitting" and ask for payments to compensate the firm.

When I showed all this to Raff, he said: "The phisher in this case is not very sophisticated, as he is making many mistakes. But he is also learning in this process. Eventually, he would try to lure reputable investors to either give them money or provide him access to money."

One thing is for sure: Poddar and his accomplices are hard at work. The rate of new content produced by this fake company puts the marketing operations of many organizations to shame. The last iteration of Foxhog's website showed that they are now offering corporate training programs, apparently in partnership with Stanford Graduate School of Business:

Dr. Chenxi Wang is the founder and General Partner of Rain Capital, a Cyber focused venture fund. A well-known strategist, speaker, and technologist in the Cybersecurity industry, Dr. Wang also serves on the Board of Directors for MDU Resources (NYSE:MDU) and on various ...