Dodgy zoom link brings down business
Date published
November 2020
Relevant impacts: Financial impact, industry impact, human impact, reputational damage and security impact
A Sydney hedge fund collapsed after a manager's business email was compromised.
Hackers used a dodgy Zoom invitation as a lure to commit the fraud. When the manager clicked on the Zoom link, it installed malware onto his computer and gave hackers access to his emails. The hackers then used the email to request transfers to shell companies and send over $8.7 million worth of invoices.
$7.5 million worth of the fraud was stopped before it was diverted from the business but the company suffered severe reputational damage that resulted in its ultimate collapse.
Related fraudster personas
Related countermeasures
Train and support staff to identify red flags to detect fraud, know what to do if they suspect fraud and know how to report it. Fraudsters can take advantage if staff and contractors are not aware of what constitutes fraud and corruption.
Limit access to systems, data, information, physical documents, offices and assets.
Limit access to sensitive information and records.
Make sure sensitive or official information cannot leave your entity's network without authority or detection.
Use system workflows to make sure all requests, claims or activities are approved only by the appropriate decision-maker.
Fraud detection software programs automatically analyse data to detect what is different from what is standard, normal or expected and may indicate fraud or corruption.
An incident response plan outlines how an entity will respond to a fraud incident.
Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs. It can also include referrals to law enforcement agencies for those groups that reach the threshold for complex criminal investigations.
Submit a case study
We'd like to hear from you if you have a case study to share.