Robinson Bradshaw Recovers $1M+ for Cybersecurity ClientPDF
Robinson Bradshaw successfully recovered $1.32 million for a client that was the victim of a business email compromise (BEC) scheme. After receiving a spoofed email posing as one of the company's suppliers, an employee was tricked into changing the bank account information for the supplier to a fraudulent account. Approximately $1.5 million was paid to the fraudulent account before the scheme was discovered.
Robinson Bradshaw attorney and former federal cybercrime prosecutor Allen T. O'Rourke worked with the FBI as well as the banks for both the client and the fraudulent account. His efforts led to the successful recovery of $1.32 million from multiple money laundering accounts to return back to the client.
A major cyber threat impacting all types of businesses, BEC schemes cost organizations an estimated $1.77 billion in losses in 2019 based on incidents reported to the FBI. In addition, the FBI issued a recent alert regarding an increase of BEC schemes to trick employees with messages related to the COVID-19 pandemic. Here are specific recommendations for those who may be targeted by BEC schemes:
- Be skeptical of any last-minute changes in wiring instructions or recipient account information, especially if they are communicated by email with unexplained urgency.
- Verify any changes and account information using contact information already on file. Do not use the phone number provided in the email correspondence requesting the change.
- Ensure email addresses and hyperlinks are in fact associated with the business they claim to be from. They could have minor variations or misspellings, such as a lowercase "L" replaced with an uppercase "i." If possible, businesses should implement technical safeguards to detect and quarantine such malicious emails and hyperlinks.
- Verify the email address used to send emails by checking to ensure the address being used matches the email address of the named sender, especially when using a mobile or handheld device that previews a sender's name without displaying the email address.
If you discover that your company has misdirected a money transfer because of a fraudulent email, usually there is only a limited period of time when you can reasonably hope to freeze the funds before they are laundered out of reach. Thus it is critical for organizations not only to have technical and administrative safeguards in place to prevent BEC schemes, but also to respond quickly if and when one is discovered to try to recover the stolen funds. When your company encounters cybersecurity issues, including email fraud, contact Robinson Bradshaw for assistance.