Prepare yourself for a true story illustrating how swiftly cybercriminals can devastate a business. Equally important, I’ll reveal several strategies that could have prevented this. Share this with anyone making online payments, especially your staff. The company’s name and principals have been withheld to prevent further targeting.
$43,000 Vanished in an Instant
Picture this: on an ordinary Friday evening after a grueling workweek, you glance at your phone to see a notification from your bank. You open it only to discover that you’ve just transferred $43,000 to a company you’ve never even heard of!
This nightmare became a reality for a small business owner just a few weeks ago – and there’s NO way for the owner, the police, or anyone else to recover that money. It’s gone for good.
Fortunately, this company could absorb the $43,000 loss, but it still hit hard. They were, frankly, fortunate they weren’t taken for more.
Here’s the incident and steps to prevent it from befalling you.
The Email that Started Everything
Imagine receiving an email so convincing and devoid of red flags that you feel compelled to act. This isn’t a lapse in judgment; it’s a sign of the sophistication of modern cyber threats.
In this case, an employee in the accounting department received an email from the company’s “CEO,” stating they were starting work with a new company and needed immediate setup in the system and a payment to them.
This wasn’t an unusual email, and the amount wasn’t suspicious – they often dealt with large sums. The only potential clue was its arrival on a Friday afternoon, stressing its urgency.
Believing they followed their boss’s instructions, the employee set up the attacker’s company in the system, including their bank details, and paid. The moment they hit “Send,” the money vanished.
It wasn’t until the CEO called minutes later, upon receiving the transfer notification, that alarm bells rang. By then, it was too late.
So, What Happened?
While the exact trigger for this chain of events is unclear, the probable cause is an email received weeks or months earlier by an employee, possibly the owner. This email likely appeared normal but contained a link that, when clicked, downloaded harmful software onto the recipient’s computer.
Over subsequent weeks, the cybercriminals infiltrated company communications, learning who was who and crafting a scheme to make it seem urgent for the CEO to pay a vendor.
They struck when the time was ripe, walking away with $43,000.
Similar to “Home Alone”
This scenario may seem far-fetched, but it’s not uncommon. Cybercriminals, like the thieves in “Home Alone,” scout homes before Christmas to target vacant houses.
Cybercriminals do the same remotely. You’d never know they were there until an attack happened.
In the cybercrime realm, this attack is termed spear phishing. Criminals pinpoint an individual in an organization who might fall for a scam, like here, and create a scheme targeting them.
What You and Your Team Need to Know
Sadly, there’s no foolproof defense against cybercriminals. However, like the robbers in “Home Alone,” they target easy marks. If your house has gates, security systems, cameras, and fierce dogs, burglars will likely move on to an easier target.
Cybercriminals operate similarly, seeking unprotected companies. The best defense is layers of protection and educating your employees.
3 Actions to Protect Your Company Now
- Multi-factor authentication (MFA), or two-factor authentication (2FA), isn’t just a tool; it’s a shield against cyber threats. For instance, logging into a program sends a code to your phone via text. MFA is like locking your doors at night – simple yet highly effective.
- Employee Training: Your employees are the frontline. Teach them about common scams, how to avoid them, and what to do if they suspect a malicious link. Your IT company likely offers training programs to educate staff and quiz their knowledge.
- Cybersecurity Services: MFA is a start. Consult a qualified company for a comprehensive security plan beyond firewalls and antivirus software. Cyber threats evolve; your defenses should, too.
Avoid This Mistake!
Perhaps the worst move by the $43,000 loss company was posting a video and story on social media. While well-intentioned to warn others, it’s like advertising how your house got robbed – inviting more attacks.
Not Sure if You’re Protected? To ensure your security, get a FREE Cyber Security Risk Assessment. We’ll evaluate your system to identify vulnerabilities. Schedule your assessment with our senior advisors at 973-828-0488 or visit https://ibsre.com/connect-with-ibs/.
Stay vigilant, stay protected.