Search

Payment Fraud on Local subsidiary of a consultancy

Updated: Mar 10

Client Local subsidiary of a western European consultancy

Situation The supplier instructed our client to make payment to a different overseas bank account after supplying documents confirming the account signed by the head of the department. The compromise was not detected until a few days later, but by then the funds had already been transferred. The supplier had cyber insurance but question arose as to where the compromise occurred.


Action CNS Risk conducted a detailed log analsyis of MS/Office 365's rules, log files, alerts; MS/Azures log files and then set up end point monitoring for a month to see if there was any unexpected traffic. Working with the client and some of its partners, CNS was able to piece together the correspondence to determine the genesis of the scheme and deduce that source of the compromise.

CNS also provided evidence and guidance for filing police reports in 2 countries. It also determined questions to be put both the banking supervising authority and bar association relative to the weak controls exercised by both the bank and the law firm that set up the business front that absconded with the funds.


Results CNS' Cyber Team determined that while some of the correspondence flowed through a spoofed domain, sufficient evidence pointed to the supplier's email being compromised and ultimately as the source of the social engineering.

The partner was asked to forego the outstanding invoice and instead claim back on its Cyber insurance; as well as being a party to police complaint filed overseas.

Further Action The client, now aware of the risks, and that they are now known in the Dark Web community to have fallen prey, are actively scanning for compromises, monitoring their endpoints and doing awareness training.


Duration 4 weeks


Resources employed

One lead investigator, the Cyber Monitoring Team, one overseas resource in the market where the funds were transferred.

CNS RISK
United Kingdom office
2 High Street, Chobham, GU24 8AA UK
Phone: +44 20 3773 4002
email: info@cnsrisk.com
Hungary office 
Vármegye u. 3, 1052 Hungary
Phone: +36 1 411 3602
email: info@cnsrisk.com