CYBERCRIME
Business Email Compromise
AND THE IMPACT OF CYBER FRAUD
Imagine one day receiving an email from your
Chief Executive requesting a transfer of $200,000
to a bank account that looks identical to the one
to which she has previously requested funds be sent.
This movement of business funds is no surprise,
as you manage these amounts of money every
day as the business accountant and you’ve sent
a similar amount previously. You diligently send
the funds as swiftly as possible, moving on with
your day-to-day tasks thinking nothing of it.
Two weeks later your financial colleague
notices this transfer of funds, and you mention
the email and the request. However, the CEO
insists that this email was never sent. Finally,
after proving that the email request exists and
checking the bank transfer, you notice a single
digit that differs from previous transfers and
realise you’ve just lost $200,000 to a fraudster.
This rather simple method of email fraud is
known as Business Email Compromise and is a
common day-to-day occurrence across the globe.
Fraudsters penetrate business email accounts
and impersonate members of staff or external
suppliers requesting business funds or an
alteration of invoice details, sending funds to a
bank account that is perceived to be completely
legitimate and expected to be the correct account.
This money is then divvied up among various offshore
accounts and becomes entirely untraceable, along
with the IP address of the fraudster who hacked
your server.
GOVLINK » ISSUE 2 2018
This type of fraud isn’t just typical inside
businesses either. In fact, it’s more common for a
fraudster to gain access to a supplier’s account that
your business uses quite regularly. This fraudster
could then simply impersonate the supplier and ask
for a change of bank account details. All of a
sudden, a business that was previously completely
stable, with an excellent history, is transferring large
sums of money on a weekly basis to a criminal,
without any more effort than a compromised email.
A recent example of this kind of fraudulent activity
was the loss of $1 million by John Kahlbetzer, an
Australian businessman and one of Forbes’ top 50
richest Australians. Mr Kahlbetzer, Founder of the
Twynam Agricultural Group, lost the sum after a
fraudster deceived his finance administration team.
A member of Mr Kahlbetzer’s staff then transferred
the money to the account, later stating that it was a
“reasonable amount” for the businessman worth
approximately $950 million to request to be sent to
one of his business partners.