An employee at a Troy, Mich., investment firm fell for a CEO Fraud attack and was social engineered into transferring almost $500,000 to a Hong Kong bank. The error was noticed eight days after it took place, so the money is long gone.
They have reported it to their insurer, but very often this type of CEO Fraud is not covered, even when you have a specific cyber insurance policy, because no hardware or software was hacked. It was the human that was hacked instead.
The Troy police department said that Pomeroy Investment Corp. filed a report on April 18 stating a staffer had sent $495,000 overseas to China after receiving an email request purportedly from a company executive, according to The Detroit News.
A story in SCMagazine quoted the Troy Police Sgt. Meghan Lehman who said: “Previously, it was typical for company employees to communicate by email and to make transfers of funds — even overseas, but in this case, someone hacked the account of the sender requesting the funds. And then was days later before anyone questioned the transaction and learned they had been hacked.”
In a case of "horse-barn" Pomeroy Investment Corp has changed their security policies related to making wire transfers only after receiving an email.
If they would have stepped their employees through effective security awareness training, this $500K loss would have been prevented. Find out how affordable this is for your organization and be pleasantly surprised.
