Toyota Parts Supplier Loses $37 Million in Email Scam
Toyota Boshoku, a seating and interiors supplier for Toyota cars, has revealed that it was tricked into moving a large amount of money into a bank account controlled by scammers.
In a statement published on its global website, Toyota Boshoku Corporation said that its European subsidiary was duped into transferring approximately four billion yen (over US $37 million) out of the business and into a bank account controlled by criminals on 14 August.
The company says it became aware of the fraud shortly after it occurred and put together a team to try and recover the lost funds.
“Recognising the high possibility of criminal activity, we promptly established a team comprising legal professionals, then reported the loss to local investigating authorities,” the news release explained. “While cooperating in all aspects of the investigation, we are devoting our utmost efforts to procedures for securing/recovering the leaked funds.”
If Toyota Boshoku does not manage to recover any of the stolen funds, the company warns it may have to amend its March 2020 earnings forecast.
One can’t help but feel sorry for the poor individual inside Toyota Boshoku who made the money transfer into a swindler’s bank account. The truth is that none of us are immune from being socially engineered, and although we might think that we are wise to all scams, we only need to be momentarily distracted to make a mistake that could cost a company millions of dollars.
Oftentimes, business email compromise (BEC) scammers will target accounting and finance departments, tricking them into wiring considerable amounts of money into bank accounts under their control, by posing as genuine suppliers invoicing for services delivered or as senior company executives.
In other words, an invoice might come into the company for a genuine service that has indeed been provided by a supplier but with different bank account details. An experienced confidence trickster can make their invoice highly convincing and may use information gleaned from compromised email accounts (either at the targeted company or the supplier) to make their communications even more convincing.
If your business is unfortunate enough to be targeted by BEC scammers, it makes sense to inform law enforcement agencies. Organisations in the United States who have fallen victim would be wise to also complete the form on the Internet Crime Complaint Center (IC3) website to help freeze and recover lost funds if possible and gather information on those responsible.
Co-operating with the authorities and assisting them with any information that you might have about a fraudster can help to bring them to justice. Earlier this week, the U.S. Department of Justice announced that 281 suspected BEC scammers had been arrested in countries around the world as part of an investigation dubbed “Operation reWired.” Also this week, the FBI announced that it has detected a troubling 100% increase in losses stemming from BEC scams between May 2018 and June 2019, amounting to a staggering global loss of US $26.2 billion dollars.
It should be noted that these are only the BEC losses that the FBI knows about; it’s possible that there are even more that do not get reported by businesses to law enforcement agencies.
What is clear is that the amount of money which can be made by online criminals through BEC scams is considerable. All organisations must educate staff against the threats and put mechanisms in place to reduce the chances of a potential fraud succeeding.