In Case You Missed It – CEO Fired After Wire Transfer Scam Results in $47 Million (USD) in Losses
In May, the 17-year tenured CEO of an Austrian aerospace parts maker was fired after the company fell victim to a wire transfer fraud scheme in which the attackers posed as one of the company’s senior executives and requested that a wire transfer be performed. The mishap resulted in $47 million USD in losses. This costly blunder was due to a lack of procedural controls and red-flag awareness training.
FACC, the company, additionally fired its CFO in February, shortly after the incident occurred in January. Details surrounding the cyberattack have yet to be released, including who fell for the fake email and who performed the transfer, but the company did state that it managed to recoup roughly $12.1 million USD. The decision to remove the CEO from his post was made by the supervisory board.
Wire transfer fraud scams are certainly on the rise and are not going away anytime soon. The Financial Services Information Sharing and Analysis Center (FS-ISAC) stated that 76% of all fraud attempts involve a wire transfer. According to statistics released by Guardian Analytics, more than 130 million wire transfers take place each year. Why do hackers continue to use this method? It is effective. The FBI reported that these scams have cost organizations more than $2.3 billion in losses over the past three years, according to an article by KrebsOnSecurity from April of this year.
Proactive measures can be taken to reduce the likelihood of falling for CEO email scams and wire transfer fraud. First, it is important to implement strong dual controls, whether this be a call-back procedure or requiring secondary approval on transfers that meet a transaction limit threshold. In addition, security awareness training is key. Oftentimes, there are glaring red flags in these malicious emails that may be overlooked by the untrained eye. Understanding the threat and education are key in responding to this particular fraud attempt.
If you have any questions regarding wire transfer fraud and CEO email scams, please contact:
Michael Hammond, CISA, CISSP, CRISC, C|EH
Director, IT Audit Services at [email protected]
or
W. Jackson Schultz, CISA
Senior IT Audit & Security Consultant at [email protected]