The latest scam targetting business email domains shows that hackers are increasingly looking to exploit human error for profit… and it’s working. To ensure your business doesn't fall victim, click here for a free ISO 27001 Information Security Management System checklist.
Japanese media giant Nikkei has admitted a business email compromise (BEC) eventuated with the company losing $29 to scammers following ‘human error’. Nikkei is one of Japan’s largest media companies, owns the Financial Times, and is based in Tokyo.
According to media reports and a public statement offered up by Nikkei, scammers successfully pulled-off a BEC attack that resulted in the company transferring $29 million to a fraudulent account masquerading as a legitimate business account.
Scammers targetted vulnerable employees at Nikkei who authorised the transfer, thinking they were acting in-line with company procedures. However, as the company soon realised, the reality was far from a legitimate business transfer and they had actually transferred a large sum of money that the company is unlikely to see again- all through human error.
In a statement, Nikkei said that “in late September 2019, an employee of Nikkei America, Inc… transferred approximately $29 million Nikkei America funds based on fraudulent instructions by a malicious third party who purported to be a management executive of Nikkei.
“Shortly after, Nikkei America recognised that it was likely that it had been subject to a fraud, and Nikkei America immediately retained lawyers to confirm the underlying facts while filing a damage report with the investigation authorities in the US and Hong Kong”
“The FBI estimates that attacks like this cost organisations at least $1.3 billion a year”
“Currently, we are taking immediate measures to preserve and recover the funds that have been transferred, and taking measures to fully cooperate with the investigations,” the company concluded.
Nikkei is far from the first large company to be targetted by a BEC scam, with Facebook and Google both falling victim to making money transfers to fraudulent accounts for the sum of $99 and $23 million respectively. The FBI estimates that attacks like this cost organisations at least $1.3 billion a year, almost half the total losses reported to the agency.
Nor is it the only Japanese firm to be hit by cybercriminals in recent years- in 2008, American bank Lehman Brothers sued the Marubeni trading house for $352, citing fraud.
According to HackRead, “The loss is definitely a big blow to Nikkei as the company is already experiencing a considerable decline in sales. Reportedly, in recent years it has recorded a 20% year-on-year decline in its net profit to £36m/¥5.1bn. Nikkei, which is also responsible for the Nikkei 225 stock index, is taking necessary steps for recovering the lost funds.”