The publication said Monday (Sept. 9) that Toyota Boshoku Corporation, one of Toyota’s car parts suppliers, lost more than $37 million to a Business Email Compromise scam, in which a cybercriminal directed a professional within the company to pay a fraudulent vendor invoice.
“A recent case involving fraudulent payment directions from a malicious third party … has resulted in a financial loss at our European subsidiary,” Toyota said in a statement. “We became aware that the directions were fraudulent shortly after the leakage.” Toyota said the incident took place in August.
“Recognizing the high possibility of criminal activity, we promptly established a team comprising legal professionals, then reported the loss to local investigating authorities,” Toyota continued. “While cooperating in all aspects of the investigation, we are devoting our utmost efforts to procedures for securing/recovering the leaked funds.”
In an interview with the news outlet, Digital Guardian Vice President of Cybersecurity Tim Bandos said organizations must include cybersecurity as part of their overall business practices, “because IT security tools are not infallible against human behavior.”
He recommended third-party validation for any financial requests, as well as the adoption of payment procedures that similarly require multi-step authentication and approval.
Earlier this month reports surfaced of fraudsters using artificial intelligence to mimic the voice of one company’s CEO and request a supplier payment over the phone. It’s unclear how much money that company lost, while cyber experts also say it’s not certain whether such “deepfake” tactics will become the norm.
Cybersecurity company Agari recently released data that estimates $13.5 billion has been lost to the Business Email Compromise scam between 2013 and 2018.