Air India lost £230,905 to phishing scam carried out by Nigerian hackers

Air India lost £230,905 to phishing scam carried out by Nigerian hackers

Lack of cyber training leaving employees vulnerable to phishing attacks

Employees at Air India, India’s only government-owned airlines company, fell for a sophisticated phishing scam in 2017 that involved Nigerian hackers posing as employees of Pratt & Whitney and demanding the transfer of $300,000 (£230,905) to a bank account located in Nigeria.

A report published by Outlook India has revealed that Air India has failed to recover the lost sum from the Nigerian Bank but the airline insists that investigations into the loss of money to the phishing attack are still underway.

Pratt & Whitney supplies engines for A320 passenger planes flown by Indian aviation companies, as well as a large variety of equipment and spare parts that are ordered by such firms in large numbers every year.

Air India is, at present, suffering from mounting debts and is not able to operate fluidly as a large number of its planes are presently grounded due to the lack of spare parts that are manufactured by US-based aircraft equipment manufacturers such as Pratt & Whitney, GE Aviation, Honeywell, Turbomeca, and CFM International. The loss of a large amount of money to cyber fraudsters has further impacted its procurement efforts of essential items.

Phishers also successfully conned Facebook & Google employees

The successful phishing attack targeting Air India employees posted to its New York office took place reminds us of the elaborate phishing attack that swindled as much as $100 million from Facebook and Google, with the hackers posing as vendor companies.

For two years between 2013 and 2015, a Lithuanian national named Evaldas Rimasauskas impersonated a vendor company named Quanta Computer and demanded payments for goods and services from Google and Facebook employees. He interacted with them via phishing e-mails.

Once he received the said payments, he transferred the money to a number of banks located in countries like Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong. The successful phishing attack not only revealed that even large firms like Google and Facebook are vulnerable, but also the fact that they kept silent about it even after they discovered that they were tricked.

In March this year, Rimasauskas pled guilty in a U.S. District Court in Manhattan for his crimes and agreed to forfeit $49.7 million even though he wasn’t charged with carrying out these crimes alone.

In September 2017, a scammer also conned MacEwan University in Canada of 11.8 million CAD after he convinced employees to change payment details for a vendor using email communications. After the phishing attack was discovered, the university said that “controls around the process of changing vendor banking information were inadequate, and that a number of opportunities to identify the fraud were missed.”

ALSO READ: Australian millionaire loses $1 million to major e-mail scam

 

Copyright Lyonsdown Limited 2021

Top Articles

Amazon fined a staggering £636 million in Europe for GDPR violations

Luxembourg’s National Commission for Data Protection (CNPD) has imposed an unprecedented fine of €746 million (£636 million) on Amazon for GDPR violations.

SysAdmin Day 2021: Paying thanks to the unsung IT heroes

Today is SysAdmin Day when we should pay tribute to the system administrators working around the clock to keep business running smoothly

Former First Sea Lord says Royal Navy ships are vulnerable to hackers

A former First Sea Lord has warned that Royal Navy ships and Britain's merchant fleet could become sitting ducks for hackers if adversaries find ways to knock out satellite communications.

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]