Trading firms are good at dealing with volatile markets, but hackers are a whole different challenge.
Hackers targeted a high-speed stock trading firm. And they hit the jackpot.
Virtu, one of the best in the high-tech world of electronic trading, fell victim to a routine Phishing attack. Hackers used a common Phishing attack to gain control of an executive's email account. And according to a recent SEC warning, these attacks increasingly focus on investment companies.
The unknown hackers gained access to the Virtu executive’s email in mid-May and sent the fake messages about 13 days later.
Once inside, the cybercriminals impersonated the executive and crafted fake emails to send to the firm's accounting department. These emails instructed the accounting department to wire nearly $11 million to an overseas bank account, purportedly of a trading counterparty.
Believing the messages to be genuine emails related to bank capital calls, Virtu’s accounting department sent two wire transfers totaling $10.8 million to the overseas accounts.
While this might sound crazy, this kind of money passes through trading firms every day. They routinely have capital calls and margin calls to meet all around the world. This simply seemed a normal part of daily operations. To perpetrate these kinds of attacks cybercriminals are even posing as FINRA officials.
The hackers (posing as the executive) directed the funds to be sent to a bank account in China. Again, for a global trading firm, this is not so unusual.
Maybe the only silver lining here is that Virtu moved rapidly to freeze the fraudulent payments. They found the funds at the Bank of China but were only able to stop some of the money from vanishing. In the end, the loss amounts to just under $7 million!
Virtu also notified its cyber insurance company, Axis Insurance, of the loss, but that also didn't go very well. Axis denied the claim. In response, Virtu sued. And now for the battle over who's to blame!
Axis declined to cover the claim, saying the loss wasn’t directly caused by the hack, but rather by the actions of Virtu employees who believed the fake emails, according to the lawsuit.
These battles with insurance companies can be costly and time consuming. And in the end, victims often end up with nothing to show for it.
The good news is that these hackers can be stopped!
The first step is training your team to avoid the initial Phishing email, the one that the executive fell for.
Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with