It was enough to send an email asking for a change of bank account to extort a few million zlotys: employees of Cenzin, a company belonging to Polska Grupa Zbrojeniowa, were taken in like children.
Phishing is probably the easiest way to extract money from a company. Security is only as good as its weakest link, and the weakest link is usually a human being...
This truth has proven itself once again. RMF FM reports that Cenzin received emails asking it to change the account to which it had been transferring money for a delivery. One would think that, where amounts in the millions are at stake, such an operation would be subject to some form of verification. That verification was evidently missing, because Cenzin's accountants changed the account number and, over the following months, transferred a total of about PLN 4 million to the fraudsters' account.
When the company realized that the money had gone to the wrong place, an audit was launched immediately. RMF reports that two people have already lost their jobs (including the person responsible for security) and two more have been reprimanded. The PGZ management also feared that more skeletons might come out of the closet, so they began checking whether the rest of the transfers had gone to the right places.
It is a pity that we are once again hearing about such a banal way of extracting large sums from a company. Similar stories appear in the media almost every week, and a short training course for employees on how to defend against phishing attacks should not be beyond the reach of a group with an annual turnover in the billions of zlotys.
Not only Poles
This is not a problem for Poles alone, however. Employees of Lazio Rome were taken in in a similarly banal way last year, sending 2 million euros to fraudsters. The criminals simply impersonated the Dutch club Feyenoord Rotterdam and reminded the Italians that they had still not paid the full fee for the transfer of one of their defenders. The Italians realized their mistake only when the real Feyenoord sent an email demanding payment.
More sophisticated tricks were used by Positive Technologies. As part of a test, it sent emails with infected attachments (and catchy subject lines such as tax refunds) to employees of large corporations. One in four recipients fell for it.
Wise after the event. PGZ is running checks after its accountants sent 4 million to a fake account