In prior Privacy Perils (dated March 25, 2016, and November 13, 2015) and a client alert (dated February 4, 2015) we warned about the phishing scheme in which an email sender impersonates an actual person, usually a member of company or firm management. The bad actor requests funds be transferred to an account, typically represented to be that of a client or customer which would not seem facially inappropriate. Of course, the account is not that of the client or customer, but one controlled by the phisherman (or phisherwoman). This simplistic scheme has been so widely reported that by now you would think businesses, especially large and sophisticated ones, would be sufficiently educated about and mindful of the risk. Think again. Last week, because the email appeared to come from a top company executive in the German home office, a factory CFO for one of Europe's largest manufacturer of electrical cables and wires fell victim to this scheme and transferred overnight €40 million (~$44.7 million) to a fraudster's account. The shares of the company reportedly fell 5-7 % because of the loss.
Remember, before complying with any email request to transfer money (the company's or your own), always carefully check the email address of the sender before responding (i.e., "@bassberry.com," not "@basberry.com"), and, most importantly, pick up the phone and call the purported sender to confirm the transfer request. A short delay in sending money always beats giving it away.
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.