Situation: An employee of a company received an automated email notification from their online banking account alerting them that an outgoing wire transfer request had been initiated. The employee had not initiated a wire transfer and immediately contacted their Bank to stop the transfer. Once the transfer was stopped, it was determined that the employee had been a victim of a man-in-the-middle phishing scheme and keylogger virus which allowed a hacker to obtain their username, password, and token information. That information was then used to log into their online banking account and initiate a wire transfer in the amount of $98,756 to a business located in a foreign country. It was determined that not only was the fraudster able to gain access to the username, password and token information, they also redirected the out-of-band authentication of an automated phone call to the employee from the Bank which was used to verify the transaction. Because the wire was stopped before being transmitted there were no losses to the Bank or to the employee.
Potential loss: The potential loss here is $98,756, including confidential account information obtained through online banking such as account number and balance(s). Additionally, employee time to contact law enforcement, close the compromised account, open a new account, contact existing vendors with automated payments of new account, and hiring of IT team to perform a network scrub and analysis of breach.
Defense: This situation’s best defense is to educate employees to not click on emails and links within emails in which the sender is unknown. Have dual control in place for one person to submit request for payment with a second person to verify the source document and approve payment. Email alerts generated from online banking such as password changes, an indicator that a payment has been originated and approved, a new user has been set up, and a way to receive transaction and balance alerts. Complete scrub of victim computer and review by IT forensic team.