Barbara Corcoran's $400,000 BEC: Fake Invoice Fools Real Estate Mogul's Bookkeeper
An attacker spoofed the email address of Barbara Corcoran's assistant and sent an invoice to her bookkeeper that appeared entirely routine. $388,700 was wired to a German bank account before anyone noticed.
Background
Barbara Corcoran is a Shark Tank investor and real estate entrepreneur. Like many businesses, her company regularly processes invoices and wire transfers as part of normal operations. Attackers identified her assistant's email address and used it as a spoofing target.
The Attack
An attacker created an email address that appeared nearly identical to Corcoran's assistant's real email, with a single letter transposed. They sent the bookkeeper an invoice from "Corcoran Group" for $388,700 described as a renovation payment — a plausible expense for a real estate business. The bookkeeper processed the transfer to a German bank. The German bank forwarded funds to a Chinese account. The fraud was discovered when the real assistant was copied on a follow-up email.
Response
Corcoran's team contacted their bank immediately. The German bank was alerted. Approximately $388,700 was initially recovered, though reports vary. Corcoran went public about the fraud on social media, helping raise awareness of BEC attacks.
Outcome
Corcoran publicly disclosed the fraud with remarkable transparency. The case became widely cited in security training because of Corcoran's celebrity and willingness to discuss it. The attacker was never identified.
Key Takeaways
- Verify any wire transfer by calling a known number for the requester — not from contact details in the email
- Email addresses that differ by a single character are indistinguishable in a busy inbox — enable email authentication (DMARC)
- Anyone who processes wire transfers needs explicit BEC awareness training
- Recovery from BEC wire fraud requires immediate bank notification — hours matter for reversibility