A Business’s Biggest Nightmare: 400k Stolen From A Cyberattack. You Can Be Next!

A Business’s Biggest Nightmare: 400k Stolen From A Cyberattack. You Can Be Next!


Here’s a blast from the past that will get you thinking.

This story is about Verne Harnish, the CEO of Gazelles - a business coaching organization, and how he was defrauded $400,000 in 2016.

Verne was travelling in Moscow to be the keynote speaker at a business forum, when his bank account was drained by a cyber criminal. Verne had to access his email, so like many people do while travelling, he connected to a public WiFi network. In the process a cyber criminal intercepted his email, skimmed through it, and found out that he receives bank alerts which include his account balance. By going through his emails, the hacker(s) could see that Verne often asks his assistant to transfer funds, and that he was already in the process of transferring funds to an account in Spain.

The hacker(s) impersonated Verne and sent emails to his assistant requesting her to make three bank transfers. The hacker(s) used Verne’s previous emails as a reference, and mimicked his writing style, subject line, and signature so his assistant would be none the wiser. The hacker(s) also covered their tracks by deleting these emails, and the alerts from Verne’s bank account.

The bank called Verne’s assistant to verify these requests, and even flagged one of the wire transfers. Verne was almost saved. The bank suggested his assistant contact him and confirm the requests. Since he was travelling, she sent an email to set up a call. Unfortunately, the hacker intercepted it and replied indicating that “he” was busy, and that she should go ahead with the transfer process.

As a result, Verne’s business was defrauded $400,000. And because his assistant confirmed the transfers Verne will never see any of that money again. Although security features were used, he opted for a less secure means of confirmation from the bank, and it ended up costing him big time. He decided to have transfers approved via phone, rather than having them done through a CEO portal requiring two people with rotating dongles. In his own words “The big failure was not thinking it could happen to me!”. This story is a perfect example of why you need to be aware of where and when you access confidential information. Protecting your banking information should be one of your greatest concerns, so don’t skimp on technology spending. If you make these mistakes, you could be facing your biggest nightmare.

For tips and tricks on conducting banking safely online, watch our YouTube video. These 6 best practices ensure your financial data stays secure against hackers and cybercriminals.

Read our blog post “3 Deadly Mistakes You’re Making By Being Cheap With Technology”. This article sheds some light on how being cheap with technology ends up costing your business more in the long term.