The target: Philips Capital Inc, a Chicago-based brokerage firm.
The take: $1 million USD from a client account.
The attack vector: Attackers gained access to internal systems via a successful phishing attempt and impersonated a client of the firm using information they’d gained from reviewing past e-mail correspondences. Gaps in disbursement procedures allowed a requested wire transfer to an unknown bank account to be approved and processed.
While technical controls can protect against cyber-attacks, they cannot always compensate for gaps in procedure and a failure to think critically.