Defrauded 400K! It Can Happen To Anyone

Here’s a recent story from Verne Harnish, the CEO of Gazelles, a business coaching company, about how he was defrauded for $400 000. While travelling in Moscow, Verne went on a public WiFi network to check his email and unbeknownst to him, was hacked. Because he receives alerts from his bank, the hacker(s) could see his account balances and found out transfers were handled through his assistant.

The hacker then sent a series of emails to Verne’s assistant mimicking his style, subject line, and signature, asking her to call in three separate bank transfers. The bank did its job though and flagged one of the transactions, encouraging his assistant to verify it. Since Verne was travelling, she sent an email to set up a call, but the hacker intercepted it and told her to go ahead. All the while the hacker was deleting emails and bank alerts from the server.

As a result, $400,000 was stolen with little chance of recovery. Verne had protections in place, but because of a cost difference he opted to have transfers approved via phone, instead of having them done through a CEO portal requiring two people with dongles. In his own words “The big failure was not thinking it could happen to me!” We’ve heard this logic time and time again. We hope this story has shed some light on why you can never think this way.