When hackers broke into the email account of a New Zealand grape-grower with the intent of stealing NZD $90,000 (approximately US $70,000) their plan came so very close to fruition.
As Stuff New Zealand reports, it was only because of the careful eye of Kathryn Walker, the general manager of Marlborough Vintners (who – notably – previously had a 12-year career in commercial banking), that something amiss was noticed in the email received from supplier Annie Giles.
You see Annie Giles is described by Walker as “quite an exuberant person”, reflecting the sunniness of wine-growing Marlborough, located in the northeast of New Zealand’s South Island.
What does Walker mean by describing Annie as “exuberant”? Well, she means that Annie typically peppers her email communications with smiley faces and jolliness.
And yet the email “Annie” had sent to Marlborough Vintners, informing them that her bank account had been “put under review” and that payment would need to be made into a different account, had none of that.
The formal language used in the message, the fact that a partner had not been copied on the email, and the lack of a smiley at the end of the email, rang alarm bells that it couldn’t have been the real Annie who had sent it.
The truth was that hackers had compromised Annie’s email account, snooped on her past business communications, and attempted to trick a company (Marlborough Vintners in this case) into paying money into a crooked account.
Police continue to investigate the case.
Many companies would not have been as lucky as Annie and Graeme Giles, and payments intended for them could have been sent to bank accounts under the control of criminals. As we have previously described, such scams can cost companies many millions of dollars.
Indeed, last year the FBI reported that companies had been stung to the tune of US $3 billion as a result of business email compromise attacks and that there had been a 1300% increase in identified losses since January 2015.
The problem, if anything, has got even worse since then.
With October being National Cyber Security Awareness Month (NCSAM) there has never been a better excuse for finally tightening your company’s email security.
As a minimum, harden your email defences by ensuring that you use unique, hard-to-crack passwords and enable multi-factor authentication on your accounts.
More advice for implementing a password security policy in the workplace can be found in this article we published last year.