Smart executives take some basic precautions to guard against this kind of fraud. The essential first step is to keep all email on a private server in some guy’s bathroom.
Solution 20 years ago is digital certificates to sign email (side benefit: recipient’s public key can be used to encrypt email). 20 years later there are other secure messaging solutions but good old signed email is still there waiting for those bankers to start using it.
“Further assisting the perpetrators, the website also listed the company’s executive officers and their e-mail addresses and identified specific global media events the CEO would attend during the calendar year.”
A little common sense can also be helpful in preventing this sort of thing.
and that really is not a lot of money
and again an email from my boss while he is wherever would be deleted like a fart at a wedding. my first pass is that he is going on a permanent vacation.
Even our CEO/President had a “spending limit” without approval. I am sure it was higher than my $2,000... But it sure as hell was a or less than $500,000 without a co-sign of the CFO. And if the deal was THAT big and important, the person signing off on the wire would know about it.
I know it’s the 21st century, but has everyone forgotten what financial “controls” are?
Cryptography could have aided greatly in detecting this kind of fraud. It shocks me that in 2015, public key cryptography is not routinely used to authenticate a sender’s validity.
corporate best practices 101 - Don’t send three quarters of a million dollars without at least a phone call.