Two top-level executives of movie chain Pathé—the Managing Director and the CFO—were fired recently, after it became clear that they fell for a massive CEO Fraud attack that could have been prevented if they only would have spotted the red flags.
In a recent Amsterdam, Holland court decision (registration wall) the details were revealed how this scam went down, and what errors were made along the way.
Thursday, March 8th, the MD of a Dutch movie chain gets an email from the CEO of their holding company: "Did KPMG already call you?" The email was sent from a smartphone. The MD forwards the email to their CFO, but both are puzzled. They decide to email back and ask what the issue is.
The answer is a classic CEO Fraud tactic: "We are in a confidential M&A process with a foreign company in Dubai, and any communications can only be done using the personal email address of the CEO. Please transfer the first 900K and this money will be transferred back to you at the end of the month."
An email thread ensues where the MD wants to make sure that the transaction is legit. "No worries", confirms the holding company CEO. Please transfer the first 10% of the acquisition.
Tuesday March 13 the second transfer gets made: 2.5 million. The two execs wonder what is going on but decide to comply with the CEO's orders. More transfer requests follow, for higher amounts. Tuesday March 27th the "last payment" gets made. A total of 21 million dollars has been transferred over roughly two weeks, and they get assured: "Yes, we'll now transfer this money back right away". That was the last thing they heard.
Finally the HQ wakes up, grabs the phone, and asks about the transfers: "What is going on? What was the money used for?" The penny drops. The two execs have fallen for a CEO Fraud scam and are immediately put on administrative leave, and later fired.
The CFO went to court and contested being fired, he claims he was just following orders and he cannot be blamed for this disaster. However, HQ feels he should have spotted the red flags and never transferred the money in the first place.
The court digs into the matter and concludes that the movie chain has become the victim of a sophisticated gang of cyber criminals. The CFO cannot go back to the office, there are too many trust issues at this point. He's getting a few more months pay and will be cut loose December first. No word if any money has been recovered, but if you do not file claw-back requests in 24 hours, the chances of getting it back are slim.
This could have been easily prevented. Here are 3 free resources you can use right away
High-risk employees need to be stepped through new-school security awareness training which takes scenarios like this and does automated simulated attacks combined with immediate remedial training to inoculate them against sophisticated scams like this.
Apparently Pathé did not train these executives at all, or if they did, it was very badly executed. We strongly urge you to prevent disasters like this and create your own, strong human firewall that will spot and block attempts like this. KnowBe4 enables your employees to make smarter security decisions.
These are the free resources you can use right away:
- Get a free demo of the platform
- Download the free CEO Fraud Whitepaper
- Do the Domain Spoof Test which shows you if CEO Fraud makes if to your employees
To start with, here's some brand new footage about KnowBe4 and how things look behind the scenes. This shows you who we are. October 2018, Our Series A Venture Capital investor Elephant Partners asked us if it was OK to shoot some footage so that they could show their investors how KnowBe4 was doing as an Elephant portfolio company. They sent a crew, and these 3 minutes are what they created. We were thrilled with the result so we decided to share it with the world! Here you go:
See KnowBe4's platform for yourself and get a live, one-on-one demo.
And here is another resource. A free download of the KnowBe4 CEO Fraud Prevention Manual, which has a great CEO Fraud Response Checklist you can use in case of incidents like this, and a second CEO Fraud Prevention Checklist to make sure that this does not happen in the first place:
CEO Fraud Prevention Manual Download
CEO fraud has ruined the careers of many executives and loyal employees. Don’t be next victim. This brand-new manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.
PS: Don't like to click on redirected buttons? Copy and paste this link in your browser: