Cyber Incident Victim: Corcoran Group LLC
Date:
Feb 2020
Location:
United States of America
Summary
Barbara Corcoran, a prominent real estate investor and television personality, lost $380,000 in a spear phishing attack where fraudsters impersonated her assistant via a subtly misspelled email address. The message contained a forged invoice from a legitimate German company for property renovations, which appeared credible due to her real estate activities, prompting her bookkeeper to wire the funds. The deception was uncovered only after the bookkeeper inadvertently copied Corcoran's actual assistant on a follow-up communication. The incident highlighted targeted email scams exploiting trusted business relationships to bypass scrutiny.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 26, 2020, or shortly before, Barbara Corcoran, a prominent real estate investor and Shark Tank host, fell victim to a spear phishing attack resulting in a $380,000 financial loss. Attackers impersonated Corcoran’s assistant by sending an email from an address misspelled by a single letter, exploiting established trust within her organization. The fraudulent email contained an invoice for $388,700.11 from FFH Concept GmbH, a legitimate German company, purportedly for real estate renovation services. As Corcoran actively invested in property developments, the invoice’s subject matter did not initially arouse suspicion. A bookkeeper within Corcoran’s organization processed the wire transfer to the attacker-controlled account listed in the email without secondary verification. The scam was detected only after the bookkeeper later replied to the original email and included Corcoran’s actual assistant as a recipient, revealing the discrepancy between the legitimate and spoofed email addresses. No additional technical details about the attack vector—such as malware, compromised systems, or network intrusions—were disclosed in available reports.
Corcoran publicly acknowledged the incident on February 27, 2020, via Twitter, stating, “Lesson learned: Be careful when you wire money!” but declined further comment to Forbes. She later told PEOPLE, “I was upset at first, but then remembered it was only money,” downplaying the emotional impact. The incident highlighted operational vulnerabilities in her financial approval processes, particularly the absence of multi-step verification for high-value transactions. No recovery of the stolen funds or legal actions against the perpetrators was reported. Cybersecurity analysts cited the attack as a classic example of spear phishing, which leverages targeted deception rather than technical exploits to bypass defenses. According to industry data referenced in reports, 62% of companies experienced similar phishing or social engineering attacks in 2018, underscoring the prevalence of such tactics against both individuals and organizations. Corcoran’s prominence as a business figure amplified media coverage of the incident, though no long-term financial or reputational consequences were documented in available sources.