$1.5M Cyber-Heist Typifies Growing Threat
Efficient Escrow of California was forced to close its doors and lay off its entire staff when cybercriminals nabbed $1.5 million from its bank account. The thieves gained access to the escrow company’s bank data using a form of “Trojan horse” malware.
Once the hackers broke in, they wired $432,215 from the firm’s bank to an account in Moscow. That was followed by two more transfers totaling $1.1 million, this time to banks in Heilongjiang Province in China, near the Russian border.
The company recovered the first transfer, but not the next two. They were shocked to discover that, unlike with consumer accounts, banks are under no obligation to recoup losses in a cybertheft against a commercial account. That meant a loss of $1.1 million, in a year when they expected to clear less than half that. Unable to replace the funds, they were shut down by state regulators just three days after reporting the loss.
Net result? The two brothers who owned the firm lost their nine-person staff and faced mounting attorneys’ fees nearing the total amount of the funds recovered, with no immediate way to return their customers’ money.
Avoid Getting Blindsided
While hacks against the big boys like Target, Home Depot and Sony get more than their share of public attention, cyber-attacks on small and medium-sized companies often go unreported and rarely make national headlines.
Don’t let this lull you into a false sense of security. The number of crippling attacks against everyday businesses is growing. Cybersecurity company Symantec reports, for example, that 52.4% of “phishing” attacks last December were against SMEs—with a massive spike in November. Here are just a few examples out of thousands that you’ll probably never hear about:
Green Ford Sales, a car dealership in Kansas, lost $23,000 when hackers broke into their network and swiped bank account info. They added nine fake employees to the company payroll in less than 24 hours and paid them a total of $63,000 before the company caught on. Only some of the transfers could be canceled in time.
Wright Hotels, a real estate development firm, had $1 million drained from their bank account after thieves gained access to a company e-mail account. Information gleaned from e-mails allowed the thieves to impersonate the owner and convince the bookkeeper to wire money to an account in China.
Maine-based PATCO Construction lost $588,000 in a Trojan horse cyber-heist. They managed to reclaim some of it, but that was offset by interest on thousands of dollars in overdraft loans from their bank.
Why You’re a Target—And How to Fight Back!
Increasingly, cyber thieves view SMEs like yours and mine as easy “soft targets.” That’s because all too often we have:
1. Bank accounts with thousands of dollars.
2. A false sense of security about not being targeted.
3. Our customers’ credit card information, social security numbers and other vital data that hackers can easily sell on the black market.
If you don’t want your company to become yet another statistic in today’s cyberwar against smaller companies, and your business doesn’t currently have a “bullet-proof” security shield, you MUST take action without delay—or put everything you’ve worked for at risk. The choice is yours.
Immediate Action Items
Here are three things you can do right away:
1. Remove software that you don’t need from any systems linked to your bank account.
2. Make sure everyone with a device in your network never opens an attachment in an unexpected e-mail.
3. Require two people to sign off on every transaction.
Let Us Help
When it comes to defending your data, whether it’s bank account information, customer and employee records or proprietary intellectual property or processes, do not take chances.
I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day!