A leading Japanese car parts manufacturer has become the latest corporate victim of Business Email Compromise (BEC), after revealing losses of four billion yen ($37.3m).
Toyota Boshoku Corporation, a subsidiary of the Toyota Group, sells seats, textile components, interior lights and other parts.
However, on August 14 its European subsidiary was duped into making a large fund transfer outside of the company, it revealed in a news release.
“Recognizing the high possibility of criminal activity, we promptly established a team comprising legal professionals, then reported the loss to local investigating authorities,” it explained. “While cooperating in all aspects of the investigation, we are devoting our utmost efforts to procedures for securing/recovering the leaked funds.”
Few other details have been released at present while the investigation is ongoing, but the company said it may need to amend its March 2020 earnings forecast if it has not been able to recover any of the funds.
Javvad Malik, security awareness advocate at KnowBe4, argued that BEC is fundamentally predicated on socially engineering the victim into making the money transfer.
“The first step should be raising awareness amongst staff of these attacks, particularly those who work in finance or have the ability to set up new payments or amend existing ones,” he added.
“Secondly, and perhaps more importantly, procedures need to be in place which prevent one user from being able to authorize or create a new payment. Rather, segregation of duties should be put in place whereby more than one user approval is needed to initiate payment, as well as having established and trusted mechanisms through which any requests can be queried.”
According to FBI figures, BEC scammers made around $1.3bn in 2018, around half of the total reported losses ascribed to cybercrime during the year.
A separate report from the US Treasury earlier this year claimed attacks on US victims alone made cyber-criminals $300m each month in 2018.