The Cybercrime Files- Case # 102: The $50,000 Email!

/in , /by

*This is a true account of a local cybercrime. However, the names of the victims and businesses have been changed to protect their identities. To learn more about Cyber Security Services in Akron, OH click here.

INVESTIGATIVE REPORT

OFFENSE: Email Hacking & Wire Fraud

VICTIM:  Property Management Company

LOCATION: Cuyahoga Falls, OH

DATE: 12-21-18

LEAD INVESTIGATOR: Patrick Carroll

NOTES: The moment I arrived on scene both the CEO and CFO of the property management company asked me the same question: “how in the world did this happen to us?” The harsh truth, I told them, is that cyber criminals are getting wiser and more deceitful by the day. As soon as you let your guard down, they’re right there to take advantage.

According to the CFO here’s what went down:

The CFO received and urgent email from the CEO asking that he wire $50,000 immediately into a client’s account. The CEO wrote in the email that he was in a meeting and didn’t have time to wire the money himself.

Not wanting to question his boss or bother him during an important meeting, the CFO made the transfer. Later that day the CFO ran into the CEO and let him know the wire transfer went through. “What wire transfer?,” the CEO asked. Right then the CFO knew he had made a huge mistake.

FINDINGS:

  • Someone hacked into the CEO’s email and monitored his incoming and outgoing email communications.
  • Using the CEO’s email (as well as his style of writing) the hacker emailed the CFO and asked him to wire the money.
  • Because the email was sent from the CEO’s “secure” email, the CFO deemed it to be legit.
  • The CFO wired the money to a bank account provided by the CEO (aka, the hacker).

FORTUNATELY…

Because it was such a large sum of money, the wire transfer had not yet cleared when the CFO realized his mistake. He was able to cancel the transfer and get back the $50,000 before it was gone forever.

LESSONS:

Always be on the lookout for email scams!

If you receive an email from someone you don’t know, or even from someone you do know that looks suspicious, don’t assume anything! Often referred to as phishing scams, hackers will pose as friends, family members, or charitable organizations requesting that you send them emergency funds. They will also use email to upload software into your computer that gives them access to your accounts, passwords, and sensitive data.

In addition, these same emails will often contain ransomware and other programs that can lock you out of your data. The hacker will then ask you to send money to get your own data back! More on this in our next blog post!!!

Read Cybercrime Files #103 to learn about a real life identity theft case >>

Check out this page for some of the latest email scams to look out for.

 

The Cybercrime Files- Case #101: The Art Burglars

/in , /by

*This is a true account of a local cybercrime. However, the names of the victims and businesses have been changed to protect their identities. To learn more about Cyber Security Services in Akron, OH click here.

INVESTIGATIVE REPORT

OFFENSE:  Burglary & Data Theft

VICTIM:  JT’s Fine Art Gallery

LOCATION:  Akron, OH

DATE:  12-11-18

LEAD INVESTIGATOR:  Patrick Carroll

NOTES: I arrived at the scene shortly before 10am to meet with gallery owner, JT Clark.

Clark was understandably shaken at the events that had transpired. Clark told me that he had received a telephone call from local police informing him that several of his clients recently had irreplaceable works of art stolen from their homes. Clark was shocked when authorities informed him that his gallery’s IT Network may have played a significant role in these burglaries.

Clark explained that police discovered documents in a suspect’s apartment that listed the estimated values of all art brought into JT’s gallery to be appraised. The appraisals also included information such as customers’ addresses and occupations.

FINDINGS: It did not take long me long to uncover that hackers had infiltrated the gallery’s network (where all appraisals are stored) and stolen sensitive customer data.

Because Clark did not have the proper security measures in place, hackers were able to use automated software to steal employee usernames and passwords. Hackers then logged into Clark’s network and were able to view all appraisals.

The suspects then identified customers who brought in the most valuable pieces of art, wrote down their addresses, and then broke into their homes to steal their art collections.

PREVENTION: To protect Clark’s Network from being hacked again, we put the following security measures in place:

#1: Multi-Factor Authentication: Clark and his employees used simple passwords that were easy to steal. In order to protect them from future hacks we set up multi-factor authentication for all applications, networks, and servers. (Learn more about Multi-Factor Authentication here).

#2: Installed Proper Firewalls

#3: Did a complete network security overhaul and advised Clark and his staff on proper security practices as well as tips on prevention and detection.

CONCLUSIONS: Small businesses like Clark’s often don’t have the necessary security measures in place because they think they’re “too small” to be a target.

In reality, this can’t be further from the truth. Akron Cyber criminals will intentionally target smaller companies because they are frequently easier to hack and don’t believe it can happen to them. JT’s Gallery is just one of many cases we have seen like this.

This crime could have easily been prevented had the proper security measures been put in place. Please, don’t jeopardize your business or your customer’s safety by being complacent with your data protection practices. Data theft really can happen to anyone, including you!

 

Want to learn more? Read Cyber Crime Files Case #102 to learn more about email scams >>

Is your company a target for cyber criminals? Take our free Cyber Security Audit to find out!