Case Study: How This CFO Was Nearly Tricked Into Transferring Millions

Aiden was suspicious when he received an internal email from the CEO of his company requesting that a large sum of money be transferred to a new vendor account. Immediately he emailed the CEO, “Are you certain you want me to wire this amount?”

The reply was swift, “Yes.”

Still suspicious, Aiden walked to the CEO’s office and asked, “I just want to clarify that you want me to wire this money.”

The CEO replied, “What money?”

Since the email came from within the company it didn’t have the usual tell-tale signs of being a phishing scam, that is misspellings, misleading URL’s, or veiled threats such as, “If you don’t respond right away we will close your account.”  What tipped Aiden off, was the request itself.

How did this happen? It is likely that the CEO downloaded a form of malware on his personal computer called a Keylogger Trojan and infected his computer at work when he accessed his business email via the personal computer.

Keylogger is actually a software that hides deep within the computer’s file system and as you type, it logs in each keystroke. Imagine, anything that is being typed into the computer like passwords, credit card information, etc… gets logged and sent to a hacker.

How to protect yourself and your company:

  1. Never use public computers to access personal accounts.
  2. Change your passwords frequently.
  3. If you’re traveling and using public Wi-Fi always use a virtual private network or VPN to protect your browsing.
  4. Remember too, that passwords kept on post-it notes around the office or keeping the same password for longer than a few months also pose significant security risks.

When it comes to security, the human factor is your biggest liability. In a recent survey of 630 security practitioners found that employee carelessness is the most likely cause of data security breaches. Technology will do a lot to mitigate the threats, but education and awareness should be at the top of your list.

Note: You may want to consider a managed cyber security solution like the one we offer at Consilien. This cost-effective solution continuously monitors your system 24/7 and will alert you to any changes or anomalies that fall outside your company’s policy and parameters. It enables testing for unintended or unauthorized connectivity between your network and others, provides visibility of every device and into every connection on your network, and allows you to identify devices that do not comply with your enterprise and network policy.

Contact us today for a free 30-minute cyber security consultation.

Photo by Ben White on Unsplash