The Finance Director of a waste operator had been in discussion with the firm’s accountants about a tax liability bill from the previous financial quarter that needed paying to the Government agency responsible for tax collection, totalling £120,000. As the firm had a transfer cap of £30,000 per day, it was agreed that the payments would be made in four instalments. Before he made the first payment, the Finance Director received an email from who he thought was one of their accountants, requesting a change in account details. As the email seemed legitimate, the Finance Director had no reason to query this and over the course of four days he made the payments and assumed the matter was settled.
Days later, the Finance Director was contacted by the tax collection agency requesting the payment. The Finance Director called the firm’s accountants, and it was then they realised they had been victim of a cyber-attack. A fraudster had used a method called email spoofing, which is when someone sends an email from one email address but labels it as being sent from a different address. In this case, the fraudster had sent the email, appearing as the accountant requesting a change in account details, which seemed completely legitimate. The fraudster was able to set up an identical-looking email address and ensured that the accountant would not see the Finance Director’s responses to the emails to uncover the scam.
As the fraudster was aware that the firm had to make four large payments to the tax collection agency, it was likely that the Finance Director had his account compromised through a credential phishing scam where he would have been tricked into voluntarily handing over his login details, leading to inbox infiltration.
The Finance Director immediately called the banks involved in the transactions however, they were unable to recover the payment as the fraudulent account had been emptied. Despite this, the tax collection company continued to demand the full payment and now the company were down a further £120,000. Fortunately the waste operator had a cyber insurance policy in place with our cyber partner and was therefore able to recover the £120,000, ensuring they were not at loss as a result of the social engineering scam.
To learn more about our Cyber Insurance offering, please click here.