In just a few emails, SS&C Technologies Holdings, a financial services software firm in Windsor, Connecticut, lost $5.9 million. What’s worse, the stolen money belonged not to SS&C, but to one of their clients.
On March 3, 2016, Chinese hackers began impersonating Tillage Commodities Fund, a client of SS&C, and sent emails to the company with requests for wire transfers of various amounts. The hackers made off with almost $6 million before the scam was uncovered, and the staggering loss forced Tillage to shut down operations. As for SS&C, in addition to a tarnished reputation, their CEO was fired, and the company now faces a $10 million lawsuit by Tillage.
The FBI refers to this type of scam as “Business Email Compromise,” though you may know it by its more common title of “CEO Fraud.” To conduct this scam, cybercriminals imitate legitimate business emails to trick companies into authorizing wire transfers or releasing classified tax documents. This scam is easier to pull off than you might believe. Between January 2015 and June 2016, the FBI reported a 1,300 percent rise in losses from CEO Fraud, reaching a total of $3 billion. Only 4 percent of those losses were recovered.
A company’s CEO isn’t always the only target of CEO fraud. In many cases, criminals will send fraudulent emails pretending to be from your finance department, human resources, executive team, or the IT Manager, because of the financial advantage associated with those positions. However, should any member of your team fall for a scam, it’s important to remember the CEO is expected to take responsibility for the incident. It’s a CEO’s job to protect their company’s assets and reputation. Failing to do so can lead to legal action and termination, as was the case with SS&C Technologies Holdings.
In the SS&C loss, investigators determined the scam could have been avoided altogether had SS&C’s employees been made more aware of the threat CEO fraud and many other scams pose to their company. This is often the case in CEO fraud, as end-users are the weakest part of IT security.
End user training can mean the difference between spotting a scam right away and losing millions. Teach your employees the red flags they need to watch for and why alertness must be second nature by calling 804-730-2628 to enroll in Sklar Technology Partners’ end-user training program today.