Cannabis Company Loses Millions in BEC Scam

Australian medicinal cannabis company Cann Group has lost $3.6 million in a business email compromise (BEC) attack, Stockhead reports. The company had thought it was paying an unnamed “overseas contractor,” but the payments were actually going to “an unknown third party.” The attack was discovered overnight on February 4th, and the fraudulent payments were related to the construction of the company’s 34,000 sq/m growing facility in Mildura, Victoria.

Cann Group said it’s “working with its bank to determine if any of the payments can be halted and if any of the funds involved are recoverable.” The company added that “[t]he matter has been reported to police in Victoria, Australia, the Netherlands and Hong Kong, as well as the Office of Drug Control.” The company’s stock price fell 6% upon the news.

“The Company has notified its insurance brokers to determine if a claim can be made to recover any of the losses involved,” Cann Group stated. “Immediate action has also been taken to ensure the integrity of Cann’s IT systems. The Company is in a financial position to continue with its ongoing operations and projects, including the construction of its Mildura facility, irrespective of any funds being recovered. The Company and its overseas contractor are investigating the incident thoroughly, including the engagement of external security and forensic IT experts to assist.”

BEC actors often target companies that make large payments to third parties, such as those associated with construction jobs, but these attacks can affect organizations of all sizes in any industry. These attacks are particularly effective because they involve a human on the other side of the keyboard, taking care not to trigger technical defenses or make noticeable errors in their fraudulent emails. New-school security awareness training can help your employees recognize red flags associated with targeted social engineering attacks.

Stockhead has the story.
