Alutiiq LLC, a subsidiary of Afognak Native Corp – an Alaska Native village corporation based on Kodiak Island – lost $3.8 million in a “cyberfraud attack” last month, according to Alaska Dispatch News.

Afognak CEO Greg Hambright told the corporation’s 900 shareholders in a letter that “the company is working aggressively to recover funds to the maximum extent possible under law”.

Human error

On April 15, when senior management was at a shareholder meeting, attackers emailed the Alutiiq controller from an account mimicking Mr Hambright’s with instructions regarding a “confidential transaction”.

Shortly afterwards, the Alutiiq controller received a phone call from someone claiming to be an attorney, requesting the urgent transfer of $3.8 million “to an entity later revealed to be a fictitious third party company based in Hong Kong.”

The controller, mistakenly believing the request to be authentic, then transferred the money.

When the transfer was discovered by Hambright and chief financial officer Bill Zang two days later, the FBI was contacted to investigate. Corporate attorney Peter Boskofsky confirmed that the corporation’s computer accounts were not breached and that all customer data remains secure.

Phishing vulnerability assessment

Human error remains one of the primary causes of data losses in organizations. As CISCO’s 2015 Annual Security Report notes, “Users and IT teams have become unwitting parts of the security problem.” (Or, as cyber criminal-turned-security consultant Kevin Mitnick said rather more bluntly, “You can’t download a patch for human stupidity.”)

If you’re concerned about your staff’s susceptibility to phishing attacks – in which unsuspecting users are tricked into downloading malware or handing over personal and business information – and want to ensure the security of your company’s information and revenue, you’ll be interested in IT Governance’s Employee Phishing Vulnerability Assessment.

This service will identify potential vulnerabilities among your employees and provide recommendations to improve your security, giving you a broad understanding of how you are at risk and what you need to do to address these risks.

Ensure your staff do not inadvertently put your revenue – and information – at risk. Find out how vulnerable you are before it’s too late >>