Perfect Storm Cyber Security Breach: A Phishing Tale for All Business Owners

Perfect Storm Cyber Security Phishing Tale

What do you do when almost a half million dollars disappears from your company’s 401k holdings? Panic? Call your attorney? Call your insurance company? Sadly, one local manufacturing company recently had to answer this terrifying question with a cyber security breach.

We got the call from a mid-sized manufacturing client: Funds were missing from their employees’ 401k accounts. A quick investigation showed that a breach of personally identifiable information (PII), coupled with some brazen social engineering, was used to steal money from employees’ 401k accounts.

In this cyber security breach, an attacker used a multi-faceted approach that relied on poor cyber security hygiene, social engineering and lack of out-of-band verification processes to create a perfect storm that led to the actual theft of real-world funds. 

Cyber Security Breach: Here’s What Happened 

Our client’s third-party 401k company received spoofed requests for 401k distributions from four employee accounts.

Shockingly, these requests all appeared to be completely legitimate. 

The requests were filled out on the proper forms (which the attacker must have accessed), had valid employee information (like names, birth dates, Social Security numbers and so on) and were faxed to the 401k company. Each of the targeted employees was of the correct age to request distributions. 

In the scariest twist of all, none of the requests asked for a distribution that exceeded the employee’s account balance, which would have been an obvious red flag. And someone posing as each account holder called the 401k company to verify the distributions. As far as the 401k company was concerned, the requests were legitimate.  

The upshot? A cyber criminal got away with almost $500,000, stolen from the accounts of hard-working, long-time employees who are counting on that money for retirement.  

As we investigated the situation and cyber security breach, we unearthed several bad practices: 

  • The 401k company wasn’t using multi-factor authentication (MFA) on its web portal, increasing the likelihood that stolen or leaked credentials could be used to log in.
  • The client hadn’t been regularly installing software patches on various systems.
  • The client’s employees had emailed passwords for master key vaults to each other using unencrypted emails. 
  • Documents containing sensitive personally identifiable information (PII) had been sent to others via unencrypted email.
  • The client’s HR department didn’t have a policy that required employees or past employees to be notified when 401k disbursements were requested.

Tracking Down the Compromise

So where exactly did the security compromise occur? It’s hard to say, but the FBI has opened a case and a forensics team from the client’s insurance company is on it. An employee’s email could have been compromised, meaning that their passwords may have been detected. This would have allowed a cyber criminal to get into the email and download any information. An employee may have been phished and a virus attached to that computer or their credentials stolen. Passwords for the 401k accounts might have been skimmed from emails. Or it could have been an insider attack, where a disgruntled current or former employee could have tapped into the 401k account information.

Cyber Security Tip Takeaway

To safeguard your company and personal information that your company’s systems contain, you should read through the bulleted list of factors above. Are you doing business in any of these same ways? Take the time to discuss security and policies with your 401k provider. Do you understand the terms and conditions of your cyber security insurance? Has your company email been compromised? If so, has your IT department or managed services provider addressed the necessary issues? How are requests for 401k disbursements handled? Do your employees know about the dangers of sharing passwords? Are your employees aware of the risks of phishing?  

Unfortunately, viruses and data breaches like this are getting increasingly sophisticated, and happen on an increasingly regular basis. Check out the “11 Eye Opening Cyber Security Statistics for 2019” from CPO Magazine.

Don’t despair, there are smart, concrete steps that you can take to train your employees, defend your assets and be prepared if a leak or breach occurs. In fact, one of the first things we do when we start working with a new client is to assess their vulnerabilities, analyze risks and make recommendations to secure their unique environment. We offer training to help employees improve their general cyber security hygiene as well as more specific training including sessions for company administrators regarding best practices to use with vendors.

Our goal is to help our clients run a tighter ship; one that can weather even the perfect storm. 

Pro-tip: If you work with any vendor that stores any personal information (think employees, customers and vendors) and isn’t using multi-factor authentication (also known as two-factor authentication) find a new vendor as soon as possible. 

Posted in
Dave Hatter

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Fundamentals of Information Technology Management - Intrust

IT 101: What Is Information Technology Management?

When was the last time you stopped to think about how your business relies on technology? Information technology management is...
Avoid Pig-Butchering - Intrust IT

Pig-Butchering Scams: What They Are and How to Stay Safe

At Intrust IT, we understand that it may feel like the specter of cybersecurity is always breathing down your neck....
3 Reasons to Replace Aging Equipment - Intrust IT

Three Compelling Reasons Your Company Should Replace Its Aging Computers Before Year-End

As the end of the year approaches, businesses everywhere are evaluating their budgets and looking for strategic opportunities to invest...
What are managed services - Intrust IT

What Are Managed Services? And What Are the Benefits?

Running a business in today’s tech-driven world means you need reliable IT infrastructure. But let’s be honest, managing IT in-house...
Windows 10 End of Life How This Could Impact Your Business - Intrust IT

Windows 10 End of Life: How It Could Impact Your Business

As Microsoft officially plans to end support for Windows 10 on October 14, 2025, businesses need to begin thinking ahead....
AI implementation Roadmap Intrust IT

Master AI Integration With Our AI Implementation Roadmap Guide

AI is one of the greatest technological breakthroughs of the last few years. It has become our handy assistant, data...