Nikkei Inc. recently fell victim to a business email compromise (BEC) scam that cost the Japanese media conglomerate $29 million.
In a statement released on October 30, the company revealed that an employee at Nikkei America based in New York City fell for a BEC scam.
The worker transferred $29 million (approximately 3.2 billion Japanese Yen) to an account under the control of an attacker who was posing as a Nikkei America management executive.
The media conglomerate, which lends its name to Japan’s premier stock index, the equivalent of the Dow Jones Industrial Average, soon realized that it had been a victim of fraud. Per the statement, Nikkei quickly sprang into action:
“Nikkei America immediately retained lawyers to confirm the underlying facts while filing a damage report with the investigation authorities in the U.S. and Hong Kong. Currently, we are taking immediate measures to preserve and recover the funds that have been transferred, and taking measures to fully cooperate with the investigations. We are investigating and verifying the details of the facts and causes of this incident.”
This attack comes at a time when business email compromise scams are on the rise.
Back in September, the FBI’s Internet Crime Complaint Center (IC3) revealed that it had identified a 100 percent increase in losses stemming from these types of attacks between May 2018 and June 2019. Those damages contributed to the $26,201,775,589 worth of global losses that BEC victims incurred across 166,349 separate incidents reported to the FBI between June 2016 and July 2019.
When combined with the FBI’s findings, the Nikkei attack serves as a reminder for organizations to defend against BEC scams. They can begin by implementing security policies that require multi-factor authentication, such as a phone call, before employees can authorize a financial transaction requested in an email from someone they presume to be an executive at their company. They should also use security awareness training to educate employees and executives alike about the most common types of phishing campaigns, thereby helping to secure business accounts against BEC scammers.