Magazine publisher loses $1.5M in phishing scam



Cyber-criminals have social engineered magazine publisher Bonnier Group out of at least $1.5m after hacking the CEO’s email. The total damage could be as much as $3.0 million.

Bonnier Corporation has over 600 employees and $200m in revenue, with magazines like Scuba Diving.

Cyber-criminals hacked the corporate email account of then-CEO David Freygang and sent emails instructing an unnamed employee in Accounting to transfer large sums to a Chinese bank via electronic transfer, according to the New York Post.

One $1.5m payment went through successfully, but the second transfer could be stopped and clawed back after the employee called Freygang to double check if the request was legit.

“I can confirm an employee at Bonnier fell victim to cyber-fraud in the range of $3m,” new CEO Eric Zinczenko apparently said on his first day in the job on Tuesday. “It’s a fairly sophisticated phishing expedition, but we have no idea who was behind it.” Freygang denies his replacement by new CEO Zinczenko is connected to the incident.

The instructions in the email were to keep the transfers urgent and confidential. This is standard practice in attacks like this. Also, very common in cases like this, the Chinese bank in question did not cooperate in helping the firm get its money back. Corruption is rampant in China, and the bank in question may very well be owned by the local cyber mafia. 

Here is a PDF describing this in more detail which was created as part of a joint effort between the Federal Bureau of Investigation, the Financial Services Information Sharing and Analysis Center (FS-ISAC), and the United States Secret Service. https://www.fsisac.com/sites/default/files/news/BEC_Joint_Product_Final.pdf?

The problem with phishing attacks like this is that they manipulate the normal command channels in an organization, using almost perfect-looking spoofed emails from the CEO. The bad guys play on this, and use it over and over again. Employees need to stay on their toes with security top of mind to stop extremely expensive scams like this. Security awareness training is a must these days.


Topics: Phishing
