Escrow Firm Loses $1.5M In Cyber-Heist

A nine-person Californian escrow firm lost $1.5 million in three electronic transfers in December 2012 and January 2013, and has subsequently been closed down by state regulators. The culprit?  A remote access Trojan horse program that was installed on the computer that they used for online banking.  The money disappeared into Russia and China, and only the Russian transaction has been recovered so far.

You can read the entire sad story on Sophos, but the important takeaways follow.

First, while the company had two-factor authentication for their online banking that required a password and a security number from a security token (the number changes every 30 seconds), at the time of these transactions the token was not operational for some reason.  If you are going to bank online, two-factor authentication is a requirement.

Second, due to the current level of online banking fraud, it is recommended that businesses use a dedicated computer for online banking.  It is ideal if you use a Linux or Mac system, since there are fewer exploits than for Windows machines.  If using a Windows system, it must be kept off the Internet for anything other than banking – no email or browsing.  It must also be kept up to date with Windows updates, have a full security suite, such as AVG Internet Security 2013, and be set up to perform a full system scan daily.  Turn off the computer when not actually banking.

Third, have a discussion with your banker about blocking foreign electronic funds transfers if your business does not require them.  You can also set up a service that requires explicit approval for all EFTs before the bank releases the funds.  The escrow company’s bank did nothing to prevent or impede the three transactions.  After the first one, in December, you could hope that someone would have questioned the subsequent transactions!  Fool me once….

Fourth, purchase cyber liability insurance for your business.  Check with your insurance agent if your general liability policy provides any protection at all, and if so, for what, and how much.  You may need more.  If so, get it!  At this point you are more likely to suffer a loss online than from a fire or natural disaster.

The last piece is to have a qualified computer security expert conduct a penetration test or vulnerability scan so that you can discover where the holes are in your cyber defenses, and take action to plug the gaps in your security.  This is work you do not want to trust to your regular IT support team.  If you ask them, they will tell you everything is “fine” and they just might be mistaken. We do this work for our clients, so if this is something you would like to discuss, feel free to contact us.

How hackable are you?  Do you want to know?  Are you willing to bet your company that everything is “fine?”  And as always – be careful out there!  It could be expensive to do otherwise.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
