The recent hacking and defrauding of Gazelles “The Scaling Up Guys” of $400,000 is yet another case that points up the need to have the maximum amount of cybersecurity (and cyber safety awareness) in relation to your computer networking vectors as possible. It all began on the morning of October 11 when Verne Harnish, the syndicated “Growth Guy” of Gazelles was on an unsecured public network prior to giving the day’s closing keynote speech at the Atlas business Forum in Moscow. Harnish believes that’s when his account was hacked, as he had just given instructions to his assistant to wire a substantial amount of funds to an account in Spain, prompting the hackers’ algorithm to scan for vulnerabilities and opportunity to steal the funds. It wasn’t until that Thursday (2 days later), though, that the actual theft of the $400K was detected.
How It Happened
Apparently the hackers – likely based in China, as they had the money wired to Hong Kong – sent an email to Harnish’s assistant imitating his communicative style, subject line, and signature, asking her to wire funds to 3 different locations. It didn’t seem strange to the assistant because Harnish was then involved with funding several real estate and investment ventures. The assistant responded back in the affirmative, and the hackers posing as Harnish replied in kind, effectively defrauding him (in a couple of moves) of $400,000.
Bank Alerts Deleted
The hackers also deleted Harnish’s daily bank alerts which he didn’t notice since, as he says, “I was busy with meetings in Moscow and/or travelling. Anyway, my assistant calls in the wire transfers because our bank had suggested that calling in was less costly in terms of exchange rates and fees when wiring internationally – but much less safe than using our CEO Portal which requires two people with dongles to approve (penny wise, pound foolish).” With the call-in, the assistant’s voice was verified, and then they called her back to confirm. “Dumb process,” said Harnish. “My fault and the bank’s for thinking that this is a sufficient ‘dual’ response.”
The Day “Almost Saved”
To the bank’s credit they did flag one of the three transactions to Hong Kong and suggested to Harnish’s assistant that she call him to verify them. She emailed Harnish asking when they could talk while he was on the road. Unfortunately, the cybercriminals intercepted this email and replied, again in Harnish’s style, that he was busy travelling, “that the transfer was good, and to get the bank to send,” in Harnish’s words. The emails were subsequently deleted (they were, however, able to recover all the deleted emails on the server to confirm they had been sent and received, and that the bank alerts were erased).
A Pricey Lesson Learned
Although the likelihood that Harnish will ever see his funds again are close to zero, there is a valuable lesson in his cyber-fraud debacle: He will now think twice and once again about the verifications and confirmations on such big wire transfers; he’ll also no longer operate with the thinking, “It can’t happen to me”; and when on the road away from HQ, he’ll never use unsecured public networks to do big business again. Harnish (and anyone familiar with his story) has gained extreme clarity on how and when to do big financial transactions (certainly not while on unsecured Wi-Fi networks, and especially not without in-person meetings with assistants, confirmations, etc.!).
Need Help with Your Cybersecurity Strategy?
If you need assistance in optimizing your cybersecurity strategies, you should speak to a cybersecurity specialist at Fuelled Networks, which is a proven leader in providing IT consulting in Ottawa. Contact one of our helpful IT experts at (613) 828-1280 or send us an email at email@example.com today, and we can help you with any of your questions or needs.
Published On: 2nd November 2016 by Ernie Sherman.