$500K Investment Firm CEO Fraud
A Michigan investment firm fell victim to CEO Fraud and is out $500,000 after an employee was tricked by a social engineering attack into transferring the money to a bank in Hong Kong. Unfortunately for them, it’s likely their insurer won’t cover the loss, since this was a human failure rather than a security failure in their hardware or software.
The employee at Pomeroy Investment Corp thought they had received a transfer request from one of their executives, but instead transferred $495,000 to hackers in China. It was only days later that anyone realized someone had gotten into the sender’s account and made the fraudulent request. By then the money was gone. Apparently it was not unusual for employees to make this type of request via email, though now it seems they have changed their security policies.
This probably could have been prevented had employees been properly trained to spot phishing and social engineering attacks. Simulated phishing attacks are a good way to get employees familiar with the tactics scammers use, so that they recognize attacks when they happen. Employees should be wary of any allegedly urgent wire transfer request that comes through email, and take the extra step to reach out and contact that person or organization to verify their identity.
According to the FBI, companies have lost $2.3 billion to CEO Fraud since October of 2013. If you think that you or your business might be at risk, contact us for a consultation.