Monday, December 5, 2022
E-crime diversion of funds – a Case Study

Know your customers

  • Verify bank details
  • Check email domains
  • Be aware that fraudsters may be setting up companies in your name overseas in order to perpetrate fraud
  • You have to act fast if something looks wrong – SWIFT messaging gets attention but you need legal means to freeze contested money – and if the email chain looks like heavy cut and paste, that’s a red flag.


Astaara was delighted to assist a client and help recover a significant proportion of funds that had been misdirected in a sophisticated man-in-the-middle business e-mail compromise attack.

With the full support of the client, Astaara identified when and how the breach had occurred, and the detailed timeline of activities leading to the transfer. Using our network we were able to identify to whom the funds had been transferred, and we worked with our partners in a number of jurisdictions to rapidly trace the funds and obtain injunctive relief to seize and return them before they had been distributed. This rapid joint action ultimately resulted in the arrest of local and foreign actors working on behalf of an organised crime group in a different jurisdiction.

Ultimately, this great team effort between Astaara, our client and lawyers enabled the successful recovery of a large proportion of the misdirected funds. It is an excellent example of how Astaara Risk Management can make a meaningful difference to your business and cyber risks overall.

For this attack to have worked, the attackers needed a bank account and a registered company with a name that looked very similar to that of the intended recipient, but in a different jurisdiction.   Fortunately, the jurisdiction in question had an open corporate registry which enabled us to rapidly combat the fraud.

But there are many more legitimate companies out there who will have had their brands effectively stolen without their knowledge, by criminals seeking to defraud their customers. It still seems too easy to open a corporate bank account in another company’s name purely for criminal purposes.

Astaara’s Conclusion

Misdirected funds can be very difficult to get back.  But that does not mean you should not attempt a recovery.  Banks have to keep records of transactions, and know where the money has gone – they just need legal cover to protect themselves.  Criminals rely on the perception that money can vanish quickly to dampen down expectations of a recovery. 

If you fall victim to a business e-mail compromise leading to misdirected funds, don’t take it lying down – talk to us about your options – you might not get it all back, but something is always better than nothing.  And investigate whether your brand is being misused in jurisdictions in which you are not present – you might find you are represented in some interesting places.

  • William Egerton
    Chief Cyber Officer