Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Nine companies lost $1 million or more apiece to cyber fraud

Reprints

The U.S. Securities and Exchange Commission report issued last month investigated whether public issuers who were cyber fraud victims violated federal securities laws because of inadequate internal accounting controls.

The nine unidentified firms discussed in the report, who have not been charged by the SEC, lost at least $1 million each. They included one that made 14 wire payments requested by a fake executive that resulted in more than $45 million in losses before the fraud was uncovered by a foreign bank.

Another company paid eight invoices totaling $1.5 million over several months because of manipulated email, and only discovered the theft when the real vendor complained about past-due invoices.

The frauds, which cut across all industry sectors, are of two types. The first are emails from fake executives that directed companies’ finance personnel to work with a purported outside attorney who then had them wire large amounts

to foreign bank accounts controlled by the perpetrators. “These were not sophisticated frauds in general design or the use of technology,” said the report.

The second, more sophisticated, technique required intrusion into foreign vendors’ email accounts. After hacking into these accounts, the criminals inserted illegitimate requests for payments into what were otherwise legitimate transaction requests.

All the firms had procedures requiring authorizations for payment requests, but these were interpreted by personnel to mean electronic communications were sufficient for them to proceed with the criminals’ directions.

The firms later bolstered their payment authorization procedures and verification requirements, according to the report.

 

 

Read Next

  • SEC signals tougher stance on cyber security

    A U.S. Securities and Exchange Commission report detailing cases of cyber-related fraud that stemmed from lax internal accounting controls is a warning to firms that the agency will levy fines in the future, experts say.