The publishing giant Nikkei lost roughly 29 million dollars after an employee of the Nikkei America subsidiary was tricked by scammers to send the funds to a bank account that they controlled. Nikkei is one of the world’s largest media corporations with around four million print and digital subscribers, and more than 40 affiliated companies involved in publishing, broadcasting, events, database services, and the index business. Business email compromise (BEC) is a fraud scheme which criminals use to trick a company’s employees into sending funds to an attacker-controlled account. In this case, a criminal impersonated a Nikkei executive into sending the funds to a fraudulent account.
Companies who fall victim to this style of a scam should notify the appropriate law enforcement agency as soon as possible so that evidence can be collected and secured for criminal investigations. Organizations are also recommended to provide training to their employees to help them recognize and defend from such scams. The most effective strategy for avoiding losses due to BEC scams is to establish a company policy that requires phone verification of any emailed orders to transfer money, and constantly testing that employees responsible for wire transfers follow the policy consistently. More information on this breach can be found here: https://www.bleepingcomputer[.]com/news/security/media-giant-nikkei-loses-29-million-to-bec-scammers/