• COVID-19
  • Insights
  • Who We Help
    •   Industrial Automation
    •   Manufacturing & Distribution
    •   A&E Professional Services
    •   International Businesses
      • ◦   Expanding Outside the U.S.
      • ◦   Expanding to the U.S.
  • Services
    •   COVID-19
      • ◦   Cash Flow Confidence Assessment
      • ◦   Maximize Your Loan Forgiveness
      • ◦   5 Key Focus Areas
      • ◦   COVID-19 Resource Center
    •   Client Accounting
      • ◦   Software Solutions
      • ◦   Accounting Support
      • ◦   Reporting
    •   Tax
      • ◦   R&D Tax Credit
      • ◦   Tax Credits & Incentives
      • ◦   Tax Structure
      • ◦   Federal Tax
      • ◦   State & Local Tax
      • ◦   Personal Tax
      • ◦   Other Tax Filings
    •   Advisory & Assurance
      • ◦   Assurance Levels
      • ◦   Reporting
      • ◦   Employee Benefit Plan Audits
      • ◦   Technical Accounting & Reporting
    •   Consulting
      • ◦   Data Analytics
      • ◦   Transaction Services
      • ◦   Business Planning
      • ◦   Succession & Exit Strategies
    •   International
      • ◦   International Tax
      • ◦   Foreign Direct Investment
      • ◦   Global Expansion
      • ◦   International Accounting
  • Events
  • Careers
    •   Why C&M
    •   Students
      • ◦   Campus Events
      • ◦   Internships
      • ◦   Reach Beyond Program
    •   Experienced Professionals
      • ◦   Team member profile videos
    •   Opportunities
    •   Employee Journals
    •   Office Tour
  • About Us
    •   How We Help
      • ◦   Service Approach
      • ◦   Affiliations
      • ◦   Communications & Technology
    •   Meet Our Team
    •   Testimonials
    •   Our Videos
    •   Our Story
  • Contact Us
  • Subscribe
CHANGE COUNTRY:
  • United States
  • 中国
  • Client Login
Clayton & McKervey Logo
  • COVID-19
  • Insights
  • Who We Help
  • Services
  • Events
  • Careers
  • About Us
  • Contact Us
  • Subscribe
    • Most Recent Insights
  1. Home
  2. Insights
  3. Vigilance Helps Defend Cyber Attacks

Vigilance Helps Defend Cyber Attacks

Posted by Dave Van Damme on February 5, 2019

Dave Van Damme Dave Van Damme

Situations You’ll Want to Avoid

You have undoubtedly heard it before:  When it comes to opening emails, clicking links, and browsing – – “Be vigilant.”  But why? In short, because not only are cyber security breaches in the news on the rise, but because issues are already happening at our clients.  Check out the following story:

Client Situation #1

Brother # 1 manages Company A – US, a foreign owned subsidiary and our direct client.  Brother #2 manages a smaller subsidiary, Company B – Foreign, from the parent company located in Europe.  Brother #1 and #2 own the parent company.

The vice president and controller of Company A – US, let’s call her “Betty,” will correspond via email and phone calls with Brother #2 about global operations and other matters.   Brother #2 loves dogs and regularly talks with Betty about his beloved pet.

One day Betty gets a phone call from Brother #2, who explains and asks: “We are cash tight right now and behind on paying one of our major vendors.  Is it possible for you to pay a few invoices on our behalf, and we’ll reimburse you as soon as we can access funds from our lender?”  The real kicker that follows is: “By the way, did you get that photo I emailed of my dog?”

Betty’s immediately thinking that everything sounds logical — after all, it was a phone call and reference was made to topics regularly discussed. Furthermore, Betty has been requested to do this very thing for Brother #2 in the past.  Nonetheless, Betty fills in Brother #1, who further confirms and says “sounds reasonable.”

Brother #2 emails Betty the related invoices.  These are smaller amounts, less than $50,000 in total.  The funds are sent.  A couple of days later money is actually received back!

A few days further out, another request is made, this time for invoices in excess of approximately $300,000.  Again, money sent.  But this time, well…nothing.

As a few more days go by, Betty casually mentions to Brother #1 that Brother #2 seems to be much slower at repaying these last larger invoices.  For whatever reason, this causes immediate concern to Brother #1 who asks to see the email string relating to everything.

What’s immediately noticed?  The spelling of Brother #2’s name is off, ever so slightly.

Together, they call Brother #2.  As it turns out, none of it is real — not even the phone call.  The hackers, in this case, were sophisticated enough to not only hack the email server but also tap into the phone system, see and listen to everything and, as a result, were able to execute a call with Betty impersonating the sound of the voice of Brother #2!  That’s just Client Situation #1.

Client Situation #2

Client Situation #2 involved the entire lock down and encryption of servers for almost a month until the equivalent of 30 bitcoin were paid, a point in time in which they were, going for $7,000 a pop.  In addition, significant additional costs were paid to professionals to help get the systems back online and to replace equipment.

Client Situation #3

Client Situation # 3 involved the payment of close to $500,000 to what the client thought was a request from their CFO.

So again, what does this have to do with you, or being “vigilant?”

While you may not be the one who wires money from your organization’s pocketbook under false pretenses, in all client situations, someone in the organization clicked or opened something which allowed hackers access to the overall corporate server, which in turn allowed the hacker to find the “right” person.  Quite often it is the person with access to the bank accounts.

Said differently, the ultimate “click” that led down a long road of Betty wiring $300,000 off to hackers, did not have to start at her computer.  It may have started with Joe on the shop floor.  Or Sam from engineering.  Or anybody.  The key is, that whoever did it, while [hopefully] not on purpose, allowed the hackers a chance to get into the company, and from there, they waited and watched until they found the right opportunity with Betty.

Everyone plays a role in helping prevent this from happening

  1. If you’re not expecting it. Don’t open it.
  2. Hover over links before clicking them. Does the site look legitimate?
  3. Be safe rather than sorry. If somebody sends something that was legitimate, but you weren’t expecting it: call them!  Or, delete the email.  If it was important, they’ll follow-up again.
  4. When it doubt, ask for help.

 

Our team is always ready to help.

Please contact us for more information.

Dave Van Damme

Dave Van Damme

Senior Manager, Advisory & Assurance

Contact Dave   |   Read Dave's bio

related news

How to Claim R&D Tax Credits

Part four of our R&D series answers two common questions about the R&D tax credit: How do I claim the R&D tax credit? Do I really need to claim the…

Read full story

IRS Issues New Guidance on PPP and Employee Retention Credit Eligibility

The IRS issued highly anticipated guidance regarding the employee retention credit (ERC) on March 1. We have previously outlined how the Consolidated Appropriations Act, passed in December, permitted employers receiving…

Read full story

Honoring International Women’s Day

In honor of International Women’s Day, I’d like to take a moment to recognize the talented women who have helped build our outstanding reputation within the business community – both…

Read full story

How to Calculate R&D Tax Credits

As we’ve seen in the first two installments of this series, business owners often miss out on the R&D tax credit opportunity and the bottom-line infusion it can provide. Many…

Read full story

Doing Business in Mexico: What to Expect this Year

Without a doubt, this year will be interesting for Mexico. To start, it’s an election year and we all know what that means…a lot of uncertainty. As the global pandemic…

Read full story

Categories

Jump directly to the topics that matter to you most.

  • A&E Professional Services
  • About Us
  • Advisory & Assurance
  • Business Owners
  • C&M Press Releases
  • Careers
  • China Consulting
  • Clayton & McKervey
  • Client Accounting Services
  • Consulting
  • COVID-19
  • Data Analytics
  • Estate Planning
  • Expanding Outside the U.S.
  • Expanding to the U.S.
  • From the President
  • Industrial Automation
  • International
  • Manufacturing & Distribution
  • Mexico Consulting
  • Podcasts
  • Private Client Services
  • Tax & Tax Credits
  • Transaction Services
  • Videos

Authors

Read news direct from our managers and stakeholders.

    • Ben Smith
    • Beth Butchart
    • Bryan Powrozek
    • Carlos Calderon
    • Casey Haggerty
    • Clayton & McKervey
    • Dave Van Damme
    • Denise Asker
    • Eric Lin
    • Jim Biehl
    • Julie Killian
    • Kevin Johns
    • Margaret Amsden
    • Miroslav Georgiev
    • Nina Wang
    • Rob Dutkiewicz
    • Ruben Ramirez
    • Sarah Russell
    • Sue Tuson
    • Tarah Ablett
    • Teresa Gordon
    • Tim Finerty
    • Tim Hilligoss
    • Wendy Reedy

Additional Resources

Additional news from Clayton & McKervey can be found below.

  • Subscribe to our email newsletter
  • View upcoming events
  • Contact us to let us know how we can help you
  • Main Content
  • Related Insights

Vigilance Helps Defend Cyber Attacks

Posted by Dave Van Damme on February 5, 2019

Dave Van Damme

Situations You’ll Want to Avoid

You have undoubtedly heard it before:  When it comes to opening emails, clicking links, and browsing – – “Be vigilant.”  But why? In short, because not only are cyber security breaches in the news on the rise, but because issues are already happening at our clients.  Check out the following story:

Client Situation #1

Brother # 1 manages Company A – US, a foreign owned subsidiary and our direct client.  Brother #2 manages a smaller subsidiary, Company B – Foreign, from the parent company located in Europe.  Brother #1 and #2 own the parent company.

The vice president and controller of Company A – US, let’s call her “Betty,” will correspond via email and phone calls with Brother #2 about global operations and other matters.   Brother #2 loves dogs and regularly talks with Betty about his beloved pet.

One day Betty gets a phone call from Brother #2, who explains and asks: “We are cash tight right now and behind on paying one of our major vendors.  Is it possible for you to pay a few invoices on our behalf, and we’ll reimburse you as soon as we can access funds from our lender?”  The real kicker that follows is: “By the way, did you get that photo I emailed of my dog?”

Betty’s immediately thinking that everything sounds logical — after all, it was a phone call and reference was made to topics regularly discussed. Furthermore, Betty has been requested to do this very thing for Brother #2 in the past.  Nonetheless, Betty fills in Brother #1, who further confirms and says “sounds reasonable.”

Brother #2 emails Betty the related invoices.  These are smaller amounts, less than $50,000 in total.  The funds are sent.  A couple of days later money is actually received back!

A few days further out, another request is made, this time for invoices in excess of approximately $300,000.  Again, money sent.  But this time, well…nothing.

As a few more days go by, Betty casually mentions to Brother #1 that Brother #2 seems to be much slower at repaying these last larger invoices.  For whatever reason, this causes immediate concern to Brother #1 who asks to see the email string relating to everything.

What’s immediately noticed?  The spelling of Brother #2’s name is off, ever so slightly.

Together, they call Brother #2.  As it turns out, none of it is real — not even the phone call.  The hackers, in this case, were sophisticated enough to not only hack the email server but also tap into the phone system, see and listen to everything and, as a result, were able to execute a call with Betty impersonating the sound of the voice of Brother #2!  That’s just Client Situation #1.

Client Situation #2

Client Situation #2 involved the entire lock down and encryption of servers for almost a month until the equivalent of 30 bitcoin were paid, a point in time in which they were, going for $7,000 a pop.  In addition, significant additional costs were paid to professionals to help get the systems back online and to replace equipment.

Client Situation #3

Client Situation # 3 involved the payment of close to $500,000 to what the client thought was a request from their CFO.

So again, what does this have to do with you, or being “vigilant?”

While you may not be the one who wires money from your organization’s pocketbook under false pretenses, in all client situations, someone in the organization clicked or opened something which allowed hackers access to the overall corporate server, which in turn allowed the hacker to find the “right” person.  Quite often it is the person with access to the bank accounts.

Said differently, the ultimate “click” that led down a long road of Betty wiring $300,000 off to hackers, did not have to start at her computer.  It may have started with Joe on the shop floor.  Or Sam from engineering.  Or anybody.  The key is, that whoever did it, while [hopefully] not on purpose, allowed the hackers a chance to get into the company, and from there, they waited and watched until they found the right opportunity with Betty.

Everyone plays a role in helping prevent this from happening

  1. If you’re not expecting it. Don’t open it.
  2. Hover over links before clicking them. Does the site look legitimate?
  3. Be safe rather than sorry. If somebody sends something that was legitimate, but you weren’t expecting it: call them!  Or, delete the email.  If it was important, they’ll follow-up again.
  4. When it doubt, ask for help.

 

Our team is always ready to help.

Please contact us for more information.

Dave Van Damme

Senior Manager, Advisory & Assurance

Contact Dave   |   Read Dave's bio

related news

How to Claim R&D Tax Credits

Part four of our R&D series answers two common questions about the R&D tax credit: How do I claim the R&D tax credit? Do I really need to claim the…

Read full story

IRS Issues New Guidance on PPP and Employee Retention Credit Eligibility

The IRS issued highly anticipated guidance regarding the employee retention credit (ERC) on March 1. We have previously outlined how the Consolidated Appropriations Act, passed in December, permitted employers receiving…

Read full story

Honoring International Women’s Day

In honor of International Women’s Day, I’d like to take a moment to recognize the talented women who have helped build our outstanding reputation within the business community – both…

Read full story

How to Calculate R&D Tax Credits

As we’ve seen in the first two installments of this series, business owners often miss out on the R&D tax credit opportunity and the bottom-line infusion it can provide. Many…

Read full story

Doing Business in Mexico: What to Expect this Year

Without a doubt, this year will be interesting for Mexico. To start, it’s an election year and we all know what that means…a lot of uncertainty. As the global pandemic…

Read full story

Categories

Jump directly to the topics that matter to you most.

  • A&E Professional Services
  • About Us
  • Advisory & Assurance
  • Business Owners
  • C&M Press Releases
  • Careers
  • China Consulting
  • Clayton & McKervey
  • Client Accounting Services
  • Consulting
  • COVID-19
  • Data Analytics
  • Estate Planning
  • Expanding Outside the U.S.
  • Expanding to the U.S.
  • From the President
  • Industrial Automation
  • International
  • Manufacturing & Distribution
  • Mexico Consulting
  • Podcasts
  • Private Client Services
  • Tax & Tax Credits
  • Transaction Services
  • Videos

Authors

Read news direct from our managers and stakeholders.

  • Ben Smith
  • Beth Butchart
  • Bryan Powrozek
  • Carlos Calderon
  • Casey Haggerty
  • Clayton & McKervey
  • Dave Van Damme
  • Denise Asker
  • Eric Lin
  • Jim Biehl
  • Julie Killian
  • Kevin Johns
  • Margaret Amsden
  • Miroslav Georgiev
  • Nina Wang
  • Rob Dutkiewicz
  • Ruben Ramirez
  • Sarah Russell
  • Sue Tuson
  • Tarah Ablett
  • Teresa Gordon
  • Tim Finerty
  • Tim Hilligoss
  • Wendy Reedy

Additional Resources

Additional news from Clayton & McKervey can be found below.

  • Subscribe to our email newsletter
  • View upcoming events
  • Contact us to let us know how we can help you

Website

  • COVID-19
  • Insights
  • Who We Help
  • Services
  • Events
  • Careers
  • About Us
  • Contact Us
  • Subscribe

Location

+1 248.208.8860
2000 Town Center
Suite 1800
Southfield, MI
48075 | USA

Connect

  • Events
  • Newsletter
  • Client Login

Social

  • LinkedIn
  • Facebook
  • Twitter
  • Glassdoor
  • YouTube
  • Instagram

Awards

DFP Top Work Places Best & Brightest
Prime Global

Tax | Accounting | Assurance | Consulting | Highly technical and accessible team of CPAs helping growth driven, closely held, middle market companies compete in the global marketplace. Michigan-based accountants and advisors focused on helping business owners in the United States and throughout Europe and China.

Privacy Policy Disclaimer

© 2021 Clayton & McKervey