
American company lost $100M to email fraud, U.S. says - Oatseller
http://www.reuters.com/article/us-cyber-fraud-idUSKCN0XB2US
======
eitally
For all I know, they're talking about my previous employer (Sanmina). In
electronics manufacturing, the economy is truly global and we had on average
about 6,000 active suppliers at any point in time. It would have been (and
was) trivial for someone to spoof a supplier's email and change bank routing
information or send an illegitimate invoice. If the Accounts Payable and plant
+ corporate controllers aren't paying attention and reconciling invoices to
orders, things like this will happen.

I feel bad for companies that fall for it, but at large publicly traded
companies there's really no excuse. This is easily avoidable through process
diligence & training.

~~~
Pitarou
Totally agree.

The medium has changed, but this kind of fraud is as old as the hills, and
there are long established procedures designed to prevent it. It's the very
first thing they teach in Business Accounting 101.

------
tacos
It's actually not that uncommon. The scam can be as simple as: "please wire
money to XXX" sent to the right underling from his boss on a weekend. All data
mined from LinkedIn. Personally aware of multiple $10-20MM scams. The recovery
here seems high. I've heard much worse.

------
pcurve
I think this happens more than most IT folks here would believe, especially at
small to medium businesses that have suppliers overseas. Something similar
happened to my brother's employer, and they lost $100k because an employee
simply didn't double check the routing number.

Most small businesses are run by non-tech savvy people, employing relatively
non-tech savvy people. What people on this board consider common sense
security procedures aren't so common sense to all.

------
chrischen
Email is an amazingly insecure protocol that we rely on. Relatively hard to
verify senders, complex cumbersome protocol, by default most clients send the
_whole thread_ back in a reply.

------
55555
Must be nice to be a protected multinational. Small businesses that fall for
these scams are just told to fill out a complaint form with the FBI. They don't
get their money back.

------
thesis
I wonder why the company isn't named? Does the US even care about all the
money being sent to my long lost relative in Nigeria or only when a big
company loses money?

~~~
55555
No, they don't. Citizens and small businesses lose tons to VAF (victim
assisted fraud) and are on their own.

