The Toyota Boshoku Corporation, a major supplier of Toyota auto parts, reported some distressing news this week. Fraudsters fleeced the company via an email scam to the tune of about ¥ 4 billion (JPY). That works out to just over $37 million at today's exchange rate.
On August 14th, attackers managed to convince someone with financial authority to change account information on an electronic funds transfer. Both Toyota Boshoku Corporation and its subsidiary have been in contact with law enforcement officials and an investigation is under way.
It's not yet know if the company will be able to recover any of the misdirected funds. Understandably, the press release offers few additional details. It does note that the incident may require the company to adjust its March 2020 financial projections.
Today In: Innovation
This type of cyberattack is known as a business email compromise (or BEC), and they've become frightfully common in recent years. According to a report from the FBI, BECs have cost the global business community about $5.3 billion over the last six years. It's believed that 75% of businesses are exposed to at least one attempted BEC in a given year.
The attacker's playbook is fairly straightforward. They start by identifying names and email addresses of potential victims (often in finance and HR departments) and a suitable name and email address from which to launch the attack (an executive, manager, or even a finance staffer who works for a contractor).