Fraudsters have conned Norfund, a private equity investment firm based in Oslo, Norway, out of more than $10 million in what the company calls an “advanced data breach.” But the incident bears the hallmarks of a business email compromise scam.
Scammers spent months within Norfund’s internal IT network, gaining access to emails and other communications between the company executives and the partners and businesses in which the firm has made investments, CEO Tellef Thorleifsoon told the Norwegian newspaper Aftenposten. This provided fraudsters with knowledge of documents and other data, which enabled them to falsify payment details, he said.
The $10 million theft, which occurred on March 16, went undetected until April 30, when the fraudsters attempted a second, unsuccessful scam, according to a company statement.
© 2020, All rights reserved.