Another company has lost millions in a phishing scam engineered with a fake email from the CEO. –PC Pitstop
Phishing Scams Lead with Fake CEO Emails
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
Magazine publisher loses $1.5M in phishing scam
Cyber-criminals have social-engineered magazine publisher Bonnier Group out of at least $1.5m after hacking the CEO’s email. The total damage could be as much as $3.0 million.
Bonnier Corporation has over 600 employees and $200m in revenue, with magazines like Scuba Diving.
Cyber-criminals hacked the corporate email account of then-CEO David Freygang and sent emails instructing an unnamed employee in Accounting to transfer large sums to a Chinese bank via electronic transfer, according to the New York Post.
One $1.5m payment went through successfully, but the second transfer could be stopped and clawed back after the employee called Freygang to double-check whether the request was legit.
CEO Fraud Social Engineering Scam On The Rise
In the scam known variously as “CEO fraud” or “business email compromise,” highly sophisticated cyber-criminals try to social engineer businesses that work with foreign suppliers. This swindle is increasingly common and targets businesses that regularly perform (foreign) wire transfer payments. In January 2015, the FBI warned that cyber thieves stole nearly $215 million from businesses in the previous 14 months through such scams, which start when crooks spoof or hijack the email accounts of business executives or employees.
The CEO’s email gets spoofed while the CEO is travelling, and employees are tasked with transferring large amounts of money out of the country. In February, con artists made off with a whopping $17.2 million from one of Omaha, Nebraska’s oldest companies: The Scoular Co., an employee-owned commodities trader.