Watch out for Business Email Compromise (BEC) scams as they are on the rise as people work from home.
This week I learned of a sophisticated BEC scam in which a hacker gained access to a business’s emails and, over a couple of months, built trust with an accounts team by sending them ‘spoof’ business emails. These emails appeared to come from a person (Michael) who was forwarding them invoices for payment. The second email address (Hacked Michael) had the same signature as the real email address and carried previous message trails from other legitimate, known email addresses (especially Natalie D., who worked for the company that authored the invoices).
e.g. [email protected] was Michael’s real email address, and the hackers built up trust with a second, similarly named email address, [email protected]
The hackers had sent many emails to the accounts team asking questions about payments etc., and so the fake email address was accepted as legitimate. Then, after building this trust, the hacker sent a well-timed fake email stating that the latest invoices awaiting payment were incorrect and that the ones attached to the fake email were the correct ones to use. It stated that the bank account details had been updated and that the newly attached invoices showed the correct accounts for the funds to be transferred to.
The accounts team saw nothing wrong with this request and proceeded to update the bank account details and sent off the payments. These invoices totalled over $450,000.
Even more astounding, the accounts team had received a phone call and a voicemail from someone impersonating Natalie D., requesting that the payments be made immediately. The accounts team forwarded a recording of this voicemail to Michael and Natalie D., who were both astonished that it sounded like Natalie but was indeed not her.
Fortunately, the bank called the accounts team to let them know that the funds had been frozen because the bank had identified the new account as a known fraudulent account. So the more than $450,000 has been returned to the team (Very lucky, phew!)
From some research on the internet, this scam apparently targets all kinds of businesses, including charities and local sporting clubs. There is a misconception that these scams target just small businesses; however, the largest number of reports and losses came from medium-sized businesses, including, recently, Team New Zealand from the America’s Cup Race, which reported losing more than $1,000,000.
Please spread the word about this type of scam so that effective management procedures can be put in place. All businesses should first be aware that these scams exist and make sure that all staff know about them too.
Businesses should consider a multi-person approval process for transactions over a certain dollar threshold and keep their IT security up-to-date with anti-virus and anti-spyware software and a good firewall.
After the hack was discovered, the email systems and computer networks at each end of this hack were checked for viruses and spyware, with nothing being found, and so it was considered that the hackers had somehow been intercepting emails across unsecured internet traffic.
Businesses should also check directly with their supplier if they notice a change in email addresses and/or account details. It is vital that businesses don’t do this just by return email or by using other contact details provided in the message. Find older communications to ensure you have the right contact details, or otherwise source them independently, so you can be sure you are not contacting the scammer.
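The check described above, applied to the kind of similarly named address used in this incident, as an added example that is not part of the original post. The contact list, bank account numbers, domain names and the 0.85 similarity threshold are constructed assumptions for illustration.

```python
from difflib import SequenceMatcher

# Constructed sample data (not from the original post): supplier contacts
# the accounts team already trusts, with the bank account held on file.
KNOWN_CONTACTS = {
    "michael@acme-builders.example": "12-3456-0000001-00",
    "natalie@acme-builders.example": "12-3456-0000001-00",
}
LOOKALIKE_THRESHOLD = 0.85  # assumed cut-off; tune against your own mail


def classify_sender(sender, known=KNOWN_CONTACTS):
    """Return (verdict, closest_known_address) for a sender address."""
    sender = sender.strip().lower()
    if sender in known:
        return "known", sender
    # Closest trusted address by character similarity.
    closest = max(known, key=lambda k: SequenceMatcher(None, sender, k).ratio())
    score = SequenceMatcher(None, sender, closest).ratio()
    if score >= LOOKALIKE_THRESHOLD:
        return "lookalike", closest  # near miss of a trusted address
    return "unknown", None


def review_invoice(sender, bank_account, known=KNOWN_CONTACTS):
    """List the reasons a payment must be held for a call-back check."""
    verdict, match = classify_sender(sender, known)
    flags = []
    if verdict == "lookalike":
        flags.append(f"sender imitates {match}")
    elif verdict == "unknown":
        flags.append("sender not on supplier contact list")
    # A changed account is held even when the sender is the real address,
    # because a compromised mailbox sends from the genuine address.
    on_file = known.get(match)
    if on_file is None or bank_account != on_file:
        flags.append("bank account does not match one on file")
    return flags


if __name__ == "__main__":
    # Constructed messages: genuine, lookalike with new account, stranger.
    for sender, acct in [
        ("michael@acme-builders.example", "12-3456-0000001-00"),
        ("michael@acme-bui1ders.example", "98-7654-0000009-00"),
        ("billing@other-vendor.example", "55-0000-0000005-00"),
    ]:
        print(sender, "->", review_invoice(sender, acct) or "ok to process")
```

Any non-empty result means the payment waits until someone has phoned the supplier on a number taken from older records, not from the email being checked.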
My hope here is that we all learn that these types of scams exist and that we can stop businesses from losing thousands of dollars to scammers.
So right now you need to protect yourself and think:
· What steps are you taking to change and put stops / checks in place to prevent this from happening to you?
· What would this structure look like to prevent this happening?
· At the very least, are you insured for such a loss if this happened?