Skip to Main Content

How $43,000 Got Stolen From A Small Business In The Blink Of An Eye

What you are about to read is a real story showing you how a business can be devastated by cybercriminals in the blink of an eye. Most importantly, I'll share several ways this could have been avoided. Make sure to forward this to anyone who might be making online payments and, better yet, your entire staff. The name of the company and principals have been withheld so they don't become a further target.
$43,000 Gone In The Blink Of An Eye
Imagine, on a normal Friday night after a long week of work, you glance down at your phone and see an alert from your bank.
You open it to find that you've just paid a company you've never heard of $43,000!
This was an all-too-real situation for one small business owner a few weeks ago -- and there's NOTHING the owner, or police, or anyone else can do to get that money back. It's gone forever.
Thankfully, for this company, $43,000 was a loss they could absorb, but it was still a huge hit and, frankly, they are lucky they weren't taken for more.
Here's what happened and how you can keep this from happening to you.
The E-mail That Started It All
Imagine receiving an e-mail so convincing, so utterly devoid of red flags, that you find yourself compelled to act. This isn't a failure of judgment; it's a testament to the sophistication of modern cyberthreats.
In this case, an employee in the accounting department received an e-mail from the company's "CEO" saying they were starting to work with a new company and needed to get them set up in the system and make a payment to them right away.
This was NOT an abnormal type of e-mail, nor was the amount anything that aroused suspicion -- they made and received large amounts of money often.
The only telltale clue might have been that it came in on a Friday afternoon and it was made clear that it was an urgent matter that had to be handled right away.
The employee, thinking they were doing exactly what their boss wanted, set the attacker's company up in the system, including their bank routing number, and made a payment. And the minute they hit "Send," the money was never to be seen again.
It wasn't until the CEO called minutes later, after receiving notification of the transfer, that alarm bells started to ring! But by then it was all too late.
So, What Happened?
While it's impossible to know what exactly occurred to kick off this chain of events, the most likely culprit is that an employee, possibly even the owner, received an e-mail sent by a cybercriminal weeks or even months earlier that allowed this person to gain access to some of the company's systems.
In all likelihood, the e-mail looked normal and had a link that, when clicked, downloaded software onto the recipient's computer, and that's where things started to go wrong.
Over the following weeks, the cybercriminals accessed company communications, figuring out who the players were, and devised a plan to make it look like the CEO needed a vendor to be paid urgently.
And when the criminals determined the time was right, they "attacked" and walked away with $43,000 for their efforts.
Home Alone
While this scenario may sound far-fetched, it's not new.
If you remember seeing the classic movie Home Alone, would-be thieves watched houses immediately preceding Christmas to determine which families would be away for the holidays so they could break into those homes.
Cybercriminals do the same thing, but from a distance, and you'd never know they were ever there.
The scary fact is, your system could be compromised right now, and you would have no way of knowing it, until an attack happens.
In the cybercrime world, the kind of attack this company suffered is referred to as spear phishing. Criminals identify a single point or person in an organization who they believe could fall victim to a scam like the one that happened here, and they engineer a scheme to specifically target them.
What You And Your Employees Need To Know To Help Thwart Attacks
The sad fact is that there is no 100% safeguard against cybercriminals. But, just like our robbers in Home Alone, cybercriminals go after the low-hanging fruit. If your house has a gated entry, security system, outside cameras and lights, and has three vicious-looking dogs roaming around, would-be thieves are much more likely just to move on to a house without all these layers of security.
Cybercriminals operate in the exact same fashion, looking for companies that aren't protected and then targeting them specifically. So, the best thing you can do is have layers of protection for your company, along with education for your employees.
3 Things To Do Right Now To Protect Your Company
1. Multi-factor authentication (MFA), also called two-factor authentication (2FA), is not just a tool but also a shield against the relentless barrage of cyberthreats. An example of MFA is when you try to log into a program and it sends a code to your cell phone via text that needs to be entered before granting access to the program. While often deemed a nuisance, MFA isn't an inconvenience -- it's the digital equivalent of locking your doors at night. It's a simple yet profoundly effective measure that can be the difference between a secure business and a cautionary tale.
2. Employees are your first line of defense. Just like you'd teach your kids not to open the door for someone they don't know, you NEED to educate your employees on malicious threats. Teaching them about the common scams, how to avoid them and what to do if they think they've inadvertently clicked a link they shouldn't have, is key. You need to ask your IT company to provide this training, and often they have programs that you can require your employees go through a couple of times a year. The program then quizzes them to ensure they have the knowledge. While this process isn't something you or they will look forward to, the reality is that it could take just 10 to 15 minutes a couple times a year to keep you out of the news and your money out of someone else's account!
3. Get cyber security services in place. MFA is just the start of a comprehensive security plan. You need to talk to a qualified company (not your uncle Larry who helps you on the side) about getting more than a firewall and virus scan software. What worked a decade or two ago -- and may still be helpful on a home network -- would be like protecting a bank vault with a ring camera. It's just not going to cut it. NOTE: We offer a variety of security services for companies of all sizes and can certainly talk to you about options that make sense for your situation.
Whatever You Do, Don't Do This!!!
Maybe the worst thing the owner of the company that lost $43,000 did was they then posted a video and story on social media.
While their intentions were good because they wanted to warn other business owners not to fall victim to the same scam, they might as well have had T-shirts made with a big target on the back.
It'd be like having cash from your house taken, then going online and telling people exactly how it happened -- you're just inviting more people to come and try to take your cash.
Not Sure If You're As Protected And Prepared As You Should Be?
To make sure you're properly protected, get a FREE, no-obligation Cyber Security Risk Assessment. During this assessment, we'll review your entire system, so you know exactly if and where you're vulnerable to an attack.
Schedule your assessment with one of our senior advisors by calling us at 866-673-8682 or going to https://www.totalbc.com/free-network-assessment .

Maximizing ROI with Managed IT Services

Technology plays a pivotal role in driving growth and efficiency. As companies increasingly rely on IT systems to operate effectively, the decision to adopt managed IT services can significantly impact their return on investment (ROI). Managed IT...

Real-Time Response: The Heart of Scout Services

Businesses rely heavily on their IT infrastructure to operate efficiently. From ensuring seamless communication to safeguarding sensitive data, the stakes are higher than ever. This is where the importance of real-time response in IT management...

The Hidden Dangers of Built-In and Free Firewalls

The importance of cybersecurity cannot be overstated. With increasing threats from hackers, malware, and various cyberattacks, ensuring that your systems are protected is essential. Many users often rely on built-in or free firewalls, believing they...

Why SMBs Can't Afford to Ignore Cybersecurity

As we dive into Cybersecurity Awareness Month, it’s a crucial time for businesses of all sizes—especially small and medium-sized businesses (SMBs)—to reevaluate their cybersecurity measures. While large enterprises often dominate headlines...

The Role of VoIP in Unified Communications

In today's fast-paced business environment, seamless communication is essential for maintaining efficiency, collaboration, and customer satisfaction. This need has driven the adoption of Unified Communications (UC), a system that integrates various...

Important Microsoft Security Updates in August

In August 2024, Microsoft released a series of critical security updates to address vulnerabilities across its product suite. These updates are vital for maintaining the security of systems that rely on Microsoft technologies, as they patch flaws...

How to Prevent Data Loss: Tips and Best Practices

Prevention is better than cure. This age-old adage holds especially true when it comes to data loss. In our increasingly digital world, the loss of data can have severe consequences, ranging from minor inconveniences to significant financial and...

How to Choose the Right Business Phone System

Choosing the right business phone system is crucial for ensuring effective communication within your organization and with your clients. With various options available, selecting the best system for your business can be challenging. This guide will...

Top 10 Reasons to Choose TotalBC for IT Services

In today's fast-paced business environment, having a reliable and efficient IT infrastructure is critical. Managed IT services can provide the support and expertise needed to keep your operations running smoothly and securely. Here are the top 10...

“Savings” That Could Cost You EVERYTHING

As a business leader, you’re always looking for ways to increase revenue, cut expenses and grow your bottom line. Implementing AI tools, shopping services and running a more efficient operation are great ways to do that. One place you do NOT...

Email Phishing: How to Safeguard Your Inbox

In a fast-paced business environment, everyone is susceptible to engaging with malicious emails. Whether due to hastily catching up on messages when running late or checking emails while fatigued at the end of the day, just one simple click can...

Strengthening Business Security with TotalBC

Ensuring the safety and security of assets, employees, and customers is paramount to business success. As threats continue to evolve, businesses are turning to advanced surveillance technologies, such as Closed-Circuit Television (CCTV) and...

Pirates Aren’t Just Threats On The Open Seas

“Know Ye That We Have Granted And Given License To Adam Robernolt and William le Sauvage…to annoy our enemies by sea or by land, wheresoever they are able, so that they share with us the half of all their gain.” These were the words of King...

How Managed IT Services Can Help Your Business

When it comes to managing your IT systems, the main problem becomes optimizing the staff and resources required to keep your operations up and running. This task not only requires strategic planning, but also the right leadership and skilled IT...

Common Business Phone Malfunctions

We all rely on our phones in one way or another. They offer instant access to news, family, friends, colleagues, and clients alike. Apps can also get you pretty much anything that you want. Next to computers, phones are like the life...

What Is Data Cabling?

Data Cabling: Carrying Information Between Computers & Network Equipment Most buildings feature electrical, phone, and TV wiring. In recent decades, the fourth type of cabling system has become increasingly common. Data cables carry...

What Are The Benefits Of A Cloud Hosting System?

A growing number of businesses are implementing a cloud hosting system, and for good reason. Cloud hosting systems offer surprising benefits that help businesses protect crucial data from breaches and hardware failure. They are easier to access,...

Benefits of Managed IT Services

Whether you have a small or large business, it's important to carefully consider your IT needs and infrastructure. You may find that you don't have the resources or manpower to properly manage the necessary technologies. That's...

The Importance of Routine IT Maintenance

When an IT team decides to slow or shut down production for maintenance tasks, it might seem like a bottleneck. But just as a healthy human body requires regular checkups, a healthy organization requires regular IT...

Why Data Management is Important for Your Business

  A data management system is responsible for storing, retrieving, protecting, organizing, and sharing data assets throughout your organization. It's a simple solution to an epidemic of mismanaged data for businesses. There are many benefits to...