Toyota Car Seat Supplier Pays $37 Million to BEC Scammers

  • Toyota Boshoku paid BEC scammers $37 million back in August and disclosed the incident now.
  • The actors tricked a single employee through social engineering after they had compromised an internal email address.
  • Toyota has had a very turbulent cyber-security year so far, with multiple breaches, ransomware attacks, and now a BEC scam.

Toyota Boshoku announced last week that they had fallen victim to a BEC (Business Email Compromise) attack, losing 4 billion yen as a result. This is the equivalent of about $37 million, so it’s a pretty large amount of money for the entity. As the announcement details, the scammers targeted the European subsidiary of the firm and provided fraudulent payment directions that Toyota’s employees accepted and processed. The firm noticed the potential risk of the transaction soon after it went through and tried to recover the leaked funds, but this request has not been approved yet.

The incident occurred on August 14, 2019, and the attack was based on social engineering targeting a single employee. As much as this employee may feel sorry about what happened, he/she should have taken steps to confirm the validity of the payment request beforehand. As we have discussed in the past, BEC scams are usually conducted through an internal email address that has been previously compromised by the actors. This can make it especially hard to distinguish between legitimate requests and scammer messages. However, there are protection measures that can be incorporated, and Toyota Boshoku seems to be lacking in this area.

For example, automatic scam detection and alerting systems that can identify fraudulent messages and warn the recipient should be a no-brainer for companies of this size. Two-factor authentication for accessing email accounts internally would also be a good step to prevent take-overs that result in the loss of millions. And finally, training employees on how to identify the signs of a scam and how to use protective tools is key in the whole situation. As long as companies continue to underestimate these basic anti-BEC measures, actors will continue to ramp up their efforts to grab large amounts of cash from them.

Toyota hasn’t had a good cybersecurity year so far. Back in February, the Australian arm of the car manufacturer announced a ransomware attack against their systems but told the public that they successfully managed the incident without compromising any client data. In April, however, a story surfaced about multiple Toyota data breaches in Japan, Vietnam, and Thailand, with the number of customers who were affected reaching a staggering 3.1 million. The data that was exposed was sensitive, including names, addresses, emails, etc. The hackers behind these attacks were state-supported cyber-espionage groups like APT32.

Do you trust large enterprise networks with your sensitive personal data, or do you try to avoid it as much as possible? Let us know where you stand in the comments down below, or on our socials, on Facebook and Twitter.
