Companies Get Phished, Too
ComputerWorld is reporting that Supervalu Inc., a U.S. grocery chain, is a victim of corporate phishing. It seems the phishers posed as partner businesses and requested that payments for their products be sent to new bank accounts. I'm not sure what their normal practice is to verify such a change, but it didn't work in this case.
On Feb. 26 and 28, he said, the company received two fraudulent e-mails — one purporting to be from an employee at American Greetings Corp., and a second supposedly from an employee at PepsiCo Inc.’s Frito-Lay Inc. unit. Both of those firms are approved Supervalu suppliers.
Between Feb. 28 and March 3, Kilgroff’s filing said, Supervalu deposited more than $6.5 million via multiple wire transfers to an HSBC Holdings PLC account listed in the fake American Greetings message. And on March 2, Supervalu said it made eight separate wire transfers totaling $3.6 million to First Security Bank in Rogers, Ark., as requested in the second e-mail.
It's easy to take pot shots at this company, a la The Register, which headlines its article on the scam with "World's most gullible supermarket chain falls victim to online scam." More important, though, is seeing the limits of email for business transactions. We simply can't trust it. If the topic of an email involves the exchange of money, then the message can't be trusted. Maybe a few incidents like this will be enough to generate serious interest in digitally signed messaging. There is a lot of entrenched infrastructure to update and there are difficult questions about getting the process going, but it will happen eventually.
Email is broken and we need to fix it.



