It’s 2018 and there are still morons

I’ve written about email-based fraud before. I cover it in every talk I give. It’s in our 20-minute guide to cyber-security. It’s in our October newsletter. It’s made the mainstream news. But whether you call it spear-phishing, whaling or “business email compromise” it seems that all the training in the world just can’t help some people.

In this case the CEO and CFO of the Dutch subsidiary of Pathé were taken in by an elementary email fraud. To the tune of almost 20m€. Twenty. Million. Euros.

What did it take to get this lottery-sized jackpot? Seven emails. Not even a fake lawyer behind a fake phone number – like in the Scoular case. Just seven emails. No hacking. No “penetrating the firewall“. A bit of research on LinkedIn, seven emails, and the astonishing incompetence and credulity of two very senior managers. Managers who even thought it was a bit odd, and emailed each other to say so, but still sent the money.

So if you think you’re too smart to need help, or that you can’t afford to slow down your treasury function by introducing stuctured, mandatory validation processes, then the criminal community thanks you from the bottom of its black and withered heart. After all, someone has to keep them in Cristal and Bentleys.

Thanks to Patrick von Sychowski of Celluloid Junkie for bringing this to my attention.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.