Case: Email Compromise

Client Challenge

When the CFO of a private Multi-Family Office returned to her desk after lunch, the top of her inbox included an email from a senior member of one of the client families marked ‘High Importance.’ The subject line read “Immediate Wire Transfer Required,” a request that struck the CFO as somewhat unusual, however, the sender’s email address and writing style – including knowledge of internal processes – all looked normal and above board. The email from the family member also indicated he would be unavailable for the next 24 hours – due to his remote location – and would therefore be unable to respond. All of this aligned with the CFO’s knowledge of his travel schedule. The CFO facilitated the 6-figure wire transfer to the requested offshore account and resumed her normal activities. Several weeks later, the CFO had a regularly scheduled meeting with the family member. After the first few minutes passed discussing the Caribbean vacation, both individuals turned to business items and quickly discovered, after an awkward exchange of confused looks, that they were the victims of a well-orchestrated fraud scheme.

Due to the significant amount of the lost funds, the CFO immediately sought assistance from Banyan Cyber. Our cybersecurity specialists were able to conduct a rapid investigation to determine how cyber criminals compromised the email account of the family member, allowing them to effectively impersonate the family member with a convincing email to the Multi-Family Office CFO. We assessed that the family member fell victim to a phishing email, which continues to remain an effective method for stealing login & password credentials for online accounts such as email. Following this, after reviewing current processes & polices, Banyan Cyber worked with the Multi-Family Office to implement procedures for verifying urgent wire transfer orders.

Banyan Solution

Client Impact

Banyan Cyber helped the Multi-Family Office implement more rigorous processes for confirming the legitimacy of internal wire transfer requests to outside parties. This included establishing a two-factor authentication method to confirm if a legitimate email account is being used by an authorized user. In addition, a cybersecurity solution was deployed on computer systems to provide around-the-clock monitoring & detection of any unauthorized access attempts by malicious hackers.