A group of hackers has launched a new attack aimed at corporate infringement e-mail of Toyota Boshoku Corporation, a member of the Toyota Group. OR company it said yesterday that one of its European subsidiaries was the victim hacking attack resulting in loss of 37 million dollars.
Toyota Boshoku said in a press release that the scammers managed to deceive employees about some payments and so they stole a large sum of money.
The attack took place on August 14. Unfortunately, both Toyota Boshoku Corporation and its subsidiary did not realize in time that they were scam.
Following the discovery of the email infringement incident, the company hired specialists for research conduct and then informed the local authorities.
The company said that it is actively involved in research but its main concern is to carry out the necessary procedures for securing / recovering stolen funds.
There is not much information available at this time, as research is still ongoing.
Toyota dealers in Australia have also been targeted hackers. The attack on the company caused the systems to shut down on 19 February.
Attacks targeting corporate email fraud are very common and effective big profits to the scammers. Toyota is one of many companies that have fallen victim to this attack.
Hackers email employees of specific companies, deceive them (they represent a familiar person, company manager maybe) and ask them to transfer money to someone account, owned by hackers. The employees, because they think they talk to a trusted person, obey and send the money. For this reason, this attack has a high chance of success.
Fortunately, some victims manage to recover some of the stolen funds by freezing them (if they can). However, not everyone is so lucky.
An FBI report in April on 2019 revealed that during 2018 companies lost over 1,2 billions of dollars because of this type of attack.
The Financial Crimes Enforcement Network (FinCEN) also published a report which showed that 2016 lost an average of $ 110 million a month, while 2018 lost about $ 301 million.
Companies must take strict measures to ensure that they do not fall victim of such an attack. Any changes to payment information should be monitored and verified, and personal meetings or even phone conversations should be preferred when large sums of money are needed.