Unfortunately, one hedge fund company based in Australia did not get the message.
The Australian Finance Review reported that Levitas Capital’s largest institutional client, Australian Catholic Super, had pulled a planned $16 Million investment following the September incident and the fund would be closing down. It was later reported that this was due to a fake Zoom meeting invite phishing link that was opened by one of the co-founders of the organization.
Fraudulent invoices were then sent to other companies that the fund had previously worked with. “There were so many red flags which should have been spotted … It makes you wonder where else in the system could this happen?” said Michael Fagan, co-founder of Levitas Capital.
Here is the screenshot of the Zoom invite to show just how realistic the invite looked:
Let this be a warning for other companies not taking new-school security awareness training seriously. It's important to continually educate your users of common social engineering tactics like this one.