get in touch

Payment Fraud on Local subsidiary of a consultancy

February 20, 2020

Payment Fraud on Local subsidiary of a consultancy

Updated: Oct 5, 2021

Local subsidiary of a western European consultancy

The supplier instructed our client to make payment to a different overseas bank account after supplying documents confirming the account signed by the head of the department. The compromise was not detected until a few days later, but by then the funds had already been transferred. The supplier had cyber insurance but question arose as to where the compromise occurred.

CNS Risk conducted a detailed log analsyis of MS/Office 365’s rules, log files, alerts; MS/Azures log files and then set up end point monitoring for a month to see if there was any unexpected traffic. Working with the client and some of its partners, CNS was able to piece together the correspondence to determine the genesis of the scheme and deduce that source of the compromise.

CNS also provided evidence and guidance for filing police reports in 2 countries. It also determined questions to be put both the banking supervising authority and bar association relative to the weak controls exercised by both the bank and the law firm that set up the business front that absconded with the funds.

CNS’ Cyber Team determined that while some of the correspondence flowed through a spoofed domain, sufficient evidence pointed to the supplier’s email being compromised and ultimately as the source of the social engineering.

The partner was asked to forego the outstanding invoice and instead claim back on its Cyber insurance; as well as being a party to police complaint filed overseas.

Further Action
The client, now aware of the risks, and that they are now known in the Dark Web community to have fallen prey, are actively scanning for compromises, monitoring their endpoints and doing awareness training.

4 weeks

Resources employed

One lead investigator, the Cyber Monitoring Team, one overseas resource in the market where the funds were transferred.