Earler this week, Levitas Captial was forced to close following a major cyber attack, resulting in their major client withdrawing their funds.
The attacker, that gained access to systems through a fake Zoom invite, stole $8.7 million though fake invoices. In the end, they managed to prevent most of the funds from being stolen, but were still late to stop almost $800’000 from being spent from the scammer. For most businesses, losing that amount of money alone would be devastating. But as naturally follows such a breach, so too goes their client confidence which resulted in their major client Australian Catholic Super withdrawing their funds.
It is reported that it was only by chance that the attack was discovered. The cofounder Michael Fagan logged on to their bank account to discover $1.2 million had been transferred out eight days earlier.
Mr Fagan said the payment request was suspicious on many levels and should have been picked up by both the trustee and the administrator, Apex. Several failures lead to the theft and the ultimate downfall of Levitas Capital, such as the invoice being addressed incorrectly. The fund administrator, Apex, did call Mr Fagan to verify the transaction, but he was at the gym and said he would call back before approving any payments. When he returned to the office he emailed Apex but received no reply or call back.
Apex said it “strongly disputes claims that insufficient attempts were made to inform the managers of potentially fraudulent transfers”.
This should stress to all businesses out there that an antivirus and a firewall is not sufficient against cybercrime. Appropriate funds transfer protocols, incident response plans and cybersecurity awareness training should be at the top of every businesses list for this coming 2021.