Google and Facebook were scammed out of a total of $100M by a crook sending fake invoices purporting to be from Taiwanese server supplier Quanta Computer, reports Fortune. The scam was allegedly carried out by a Lithuanian man, Evaldas Rimasauskas.

Over a two-year span, the corporate imposter convinced accounting departments at the two tech companies to make transfers worth tens of millions of dollars. By the time the firms figured out what was going on, Rimasauskas had coaxed out over $100 million in payments, which he promptly stashed in bank accounts across Eastern Europe.

Google said that all of its money has been recovered, while Facebook said this was true of ‘the bulk’ of its funds, but questions are still being asked of both organisations …

The identities of the two companies were initially kept secret, referred to as Company 1 and Company 2, though Fortune notes there were some fairly big clues in the descriptions assigned to them. Company 1 was described as a ‘multinational technology company, specializing in Internet-related services and products,’ while Company 2 was ‘a multinational corporation providing online social media and networking services.’ Both companies later confirmed they were the victims.

However, neither company had disclosed their losses to investors, which Fortune says is leading to questions.

When a publicly traded company experiences a significant event, federal securities law requires it to disclose this to investors. Such an incident (a “material event” in legal lingo) might include the departure of an executive or a problem with an important product, or a fraud worth tens of millions of dollars. In some cases, a company must file a public form known as an 8-K with the SEC within four days of learning about it. Other times, White said, disclosure may take the form of a press release or a note in the company’s quarterly filings.

While $100M is not a large sum in the context of the balance sheets of either company, and the bulk of the money was in any case recovered, former Securities & Exchange Commission head Mary Jo White says that this doesn’t necessarily eliminate the need to report the incident. The “material event” in this case may amount to more than the company losing some money, according to White, who was aware of the indictment when she spoke to Fortune, but not the identity of the companies involved.

“I think companies need to be looking more broadly than that – not just at operational direct loss,” said White. “There’s the possibility of reputational damage. What does this say about internal controls over assets?”

Both companies reportedly take the view that the incident did not amount to a material event.

The Importance of Robust Anti-Phishing Protection

The costly phishing attacks described here did not require a great deal of sophistication on the part of the attacker. A little research into a company revealed the identity of key individuals (CEO, CFO, etc.) and vendors. The attackers used this information to craft believable emails that tricked their targets into sending money to attacker-controlled bank accounts.

While some phishing attacks are designed to deliver malware, making an endpoint security solution essential, this is not always the case. All of the attacks outlined here contained no malicious content that would be caught by an antivirus. To protect against these attacks, an organization needs an anti-phishing solution capable of detecting BEC attacks via analysis of an email’s body text.