€3 Million CEO Fraud from a Phishing Attack on an Office 365 Account.
Finnish antivirus company F-Secure reports on a phishing attack on an Office 365 account this week that nearly cost a Finnish investment firm €3 Million. One of the firm's employees received a phishing email that enabled a €3 Million CEO Fraud scam. It started with an email that appeared to come from delivery firm DHL but led to a fake site.
The employee not only clicked on the email, using his own email account, but also left his details, including payment information, thereby becoming the next social engineering victim.
Now able to monitor his communications, the cyber criminals then sent the victim further emails. They sent a correction giving a new account number, which went undetected. They attached an Excel file with details of the new account where the money should go, and the transfer was unfortunately arranged.
Typical of phishing attacks, the translation of the language in the Excel spreadsheet was so awful that concerns were then raised, but sadly much too late.
The company was, however, able to freeze the transaction at the last minute, and they found that this employee's account had in fact been compromised.
The bad guys almost won again.
CEO Fraud is on the rise; it is responsible for over $3 billion in losses and has ruined many careers. Staff, especially in finance departments, are often compromised, and there is little likelihood of getting this money back. Be prepared and strengthen your workforce with security awareness training and simulated phishing programmes.