The $1 Million Phone Call: The Rise of Social Engineering and “Super Fund” Fraud
July 10th, 2015
As an executive working in the fraud and risk area, I have learned over time what fraudsters really like: accelerated money movement, “super funded” accounts, and last but not least an island in the South Pacific.
Last week, it was reported that a finance chief at a London-based capital management group was social engineered late on a Friday afternoon by a fraudster over the phone stating they were from his bank – presenting an urgent request for information to aid in stopping fraud. The caller requested the payments to be canceled, but in that process the fraudsters obtained enough information to move over a million dollars out of his company’s account and into their hands without a trace.
The social engineering of these and similar accounts adds to the relentless rise of Business Email Compromise Fraud, commonly referred to as BEC Fraud, occurring with large and small commercial banking accounts and other corporates. These C-Level e-mail hacks, when combined with social engineering, are now so common that critical law enforcement bulletins have been sent out to address these attacks. Businesses and banks are suffering losses in the millions of pounds and/or dollars.
What we are seeing clearly here is a trend that should serve as a wake-up call for pension funds, capital management firms, commercial and private banks, and other corporates: fraudsters are now looking for much bigger pay days and new targets. These fraudsters are skilled, and understand your business in depth — enough to pull off “a big diamond heist” without leaving their armchair.
Raising awareness, providing education, along with creating policy and a clear strategy for a range of cyber and fraud attack vectors for “Super Fund” businesses, is no longer a discussion to be saved “for later”.
The following are some suggestions for organizations getting started or refining their cyber and fraud strategy:
- Designate an executive leader for cyber and fraud strategy, one who has direct access to the Board or other prime steering committees of your organization.
- Understand both your policy and technology gaps, and ensure that the basics of detection and prevention are in place.
- Understand that the level and type of threats have now taken a step change, and that it is no longer “business as usual” for fraud for Super Funds.
- Form confidential but intentional industry level intelligence sharing — cyber hackers and fraudsters not only target your organization but just about everybody else’s, too.
- Call the experts in. Particularly if your program is new, get the expert advice you need early in order to get your “next generation Super Funds” fraud prevention and detection strategy up and running now.
It is my hope that no headline news flash causes a re-visit to my blog today with an update about a catastrophic loss that could have been prevented, but I am sure somewhere globally that might be the case. Maybe all the interested C-Levels, Board members, and Advisors can now have that cyber and fraud strategy planning day on an island in the South Pacific, and take over the best spots on the beach before the hackers and fraudsters do.