Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Magazine publisher loses $1.5M in phishing scam

    dave_freygangCyber-criminals have social engineered magazine publisher Bonnier Group out of at least $1.5m after hacking the CEO’s email. The total damage could be as much as $3.0 million.

    Bonnier Corporation, has over 600 employees and $200m in revenue with magazines like Scuba Diving.

    Cyber-criminals hacked the corporate email account of then-CEO David Freygang and sent emails to an unnamed employee in Accounting to transfer large sums to a Chinese bank via electronic transfer, according to the New York Post.

    One $1.5m payment went through successfully, but the second transfer could be stopped and clawed back after the employee called Freygang to double check if the request was legit.

    I can confirm an employee at Bonnier fell victim to cyber-fraud in the range of $3m,” new CEO Eric Zinczenko apparently said on his first day in the job on Tuesday. “It’s a fairly sophisticated phishing expedition, but we have no idea who was behind it".  Freygang denies his replacement by new CEO Zinczenko is connected to the incident. 

    The instructions in the email were to keep the transfers urgent and confidential. This is standard practice in attacks like this. Also, very common in cases like this, the Chinese bank in question did not cooperate in helping the firm get its money back. Corruption is rampant in China, and the bank in question may very well be owned by the local cyber mafia. 

    Here is a PDF describing this in more detail which was created as part of a joint effort between the Federal Bureau of Investigation, the Financial Services Information Sharing and Analysis Center (FS-ISAC), and the United States Secret Service. https://www.fsisac.com/sites/default/files/news/BEC_Joint_Product_Final.pdf?

    The problem with phishing attacks like this is that it manipulates the normal command channels in an organization, using almost perfect looking spoofed emails from the CEO. The bad guys play on this, and use it over and over again. Employees need to stay on their toes with security top of mind to stop extremely expensive scams like this. Security awareness training is a must these days.

    Find out how affordable this is and be pleasantly surprised.

    Get A Quote Now

     

    Return To KnowBe4 Security Blog

    Topics: Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews