For all I know, they're talking about my previous employer (Sanmina). In electronics manufacturing, the economy is truly global and we had on average about 6,000 active suppliers at any point in time. It would have been (and was) trivial for someone to spoof a supplier's email and change bank routing information or send an illegitimate invoice. If the Accounts Payable and plant + corporate controllers aren't paying attention and reconciling invoices to orders, things like this will happen.<p>I feel bad for companies that fall for it, but at large publicly traded companies there's really no excuse. This is easily avoidable through process diligence & training.
It's actually not that uncommon. The scam can be as simple as: "please wire money to XXX" sent to the right underling from his boss on a weekend. All data mined from LinkedIn. Personally aware of multiple $10-20MM scams. The recovery here seems high. I've heard much worse.
I think this happens more than most IT folks here would believe, especially at small to medium businesses that have suppliers overseas. Something similar happened to my brother's employer, and they lost $100k because an employee simply didn't double check the routing number.<p>Most small businesses are run by non-tech savvy people, employing relatively non-tech savvy people. What people on this board consider common sense security procedures aren't so common sense to all.
Email is an amazingly insecure protocol that we rely on. Relatively hard to verify senders, complex cumbersome protocol, by default most clients send the <i>whole thread</i> back in a reply.
Must be nice to be a protected multinational. Small businesses that fall for these scams are just told to fill out a complaint form with the FBI. They dont get their money back.
I wonder why the company isn't named? Does the US even care about all the money being sent to my long lost relative in Nigeria or only when a big company loses money?