Cyber-criminals are thought to have scammed magazine publisher Bonnier Group out of at least $1.5m after hacking the CEO’s emails, according to a report.
The Swedish-owned firm’s US subsidiary, Bonnier Corporation, has over 600 employees and makes in excess of $200m in revenue – with popular titles including Saveur and Scuba Diving.
Cyber-criminals hacked the corporate email account of then-CEO David Freygang and sent two separate instructions to an employee in accounts payable to transfer large sums to a Chinese bank via electronic transfer, according to the New York Post.
One $1.5m payment went through successfully, but the second transfer last month was stopped and retrieved in time after the staff member called Freygang to double-check its authenticity, it is believed.
“I can confirm an employee at Bonnier fell victim to cyber-fraud in the range of $3m,” new CEO Eric Zinczenko apparently said on his first day in the job on Tuesday.
It’s thought the instructions in the email marked the transfer as urgent and confidential.
“It’s a fairly sophisticated phishing expedition, but we have no idea who was behind it,” Freygang is reported as saying.
Perhaps unsurprisingly, the Chinese bank in question is said to have been uncooperative in helping the firm get its money back – highlighting the problem of remediating cross-border cybercrime.
There’s no suggestion that the cyber thieves are Chinese, however, as criminal gangs have used banks in the country before to receive illegally obtained funds.
Freygang’s departure is not thought to have been connected to the incident.
Charles Sweeney, CEO of web filtering firm Bloxx, argued the case highlights the continued importance of oft-overlooked email security products.
“The reason that phishing is such a successful tactic is because it apes normality. If you get an email from your CEO you aren’t going to question that you need to open it because, even if they’ve never sent you an email before, it’s the CEO,” he told Infosecurity.
“Hackers play on these odds and use them to their advantage time and time again. Employees need to keep their wits about them and if they are at all suspicious report the email to IT in order to get further guidance about next steps.”