U.K. hedge fund loses a million dollars in social engineering attack




A British hedge fund lost more than a million dollars in a social engineering attack on its Chief Financial Officer, Thomas Meston, and an expensive court case is now under way as a result. The attack vector was the phone, late on a Friday afternoon as he was getting ready to go home. More and more, cyberheists take place on Friday afternoons because people's attention is already on the weekend.

The CFO of Fortelus Capital Management LLP was called by someone impersonating an employee of Coutts, their bank. The scammer claimed that fraudulent activity might be taking place. The CFO was reluctant at first, but ultimately decided to generate several codes using their smartcard security system to block 15 potentially fraudulent transactions. When the CFO came back into the office on Monday, he found that 742,668 pounds had disappeared.

He called the bank, but the bank told him no one had called on Friday. The CFO was fired because of this incident, and his employer claims negligence, Bloomberg reports. The CFO is now also being sued by the fund, basically for falling for a scammer's trick.

‘Weakest Link’

“People are always the weakest link,” said Jason Ferdinand, a director at Coventry University who runs the U.K.’s first cyber security MBA course. Employees “often assume that they do not have to think about security because a machine or software is doing it for them.”

Friday Afternoon Scam

Hedge funds are not the only victims of a “Friday afternoon scam.” Zurich Insurance Group AG warned in May that law firms were being targeted by fraudsters who impersonated bank staff and asked for access to accounts, often late on a Friday.

Security Awareness Training

These types of attacks often use spear-phishing, sometimes the phone, and sometimes a combination of both. Employees need to be stepped through effective security awareness training so that they do not fall for scam tactics like this. Find out how affordable this is for your organization, and be pleasantly surprised.
