Fraud through hacked email accounts
In large companies with many different departments, a lot of the daily communication and decision making is made through emails and phone calls. Mainly, since it would be inefficient if every decision required a physical meeting. Unfortunately, there are weaknesses security wise. A current phenomenon, is companies email accounts being hacked to obtain sensitive information or money.
In a company working with building and developing properties the project manager discovered an outflow of money which did not concur with planned expenses. He/she immediately called the purchasing department asking what the money was for and where it went. The person answering did not know but promised to make sure that the manager of the purchasing department give the project manager a call as soon as possible. A few hours passed and the project manager became aware of one additional payment that had just been made by the purchasing department. He/she called again and this time the manager of the purchasing department picked up, explaining that the money was a payment for new machines that were going to be used in one of the company’s new projects. Furthermore, the purchasing manager told the project manager that it was the project manager who had emailed especially asking for the payment to be wired so that there would be no delays as far as for when the machines would arrive. The project manager explained that he/she never sent an email and now understood that his/her email account had been hacked. The CEO was contacted whom then reached out to us explaining the situation.
Having knowledge about how fast money disappears with very limited chances of retrieving it, our primary focus was to trace the money. Through our immediate action, the company retrieved most of their lost money. In addition, we helped the company implement a better security system regarding purchases to avoid similar situations in the future.