Forensic Investigation Prevents $300M PE Wire Fraud


Background

The holding company of a multi-billion PE company was shocked to discover a $1M loss associated with a fraudulent wire that was allegedly provided in response to an early loan payoff. The lender never received the payment and was under the impression that the holding company had decided not to make the early payment.

Consequently, the PE company, which owned a controlling interest in the holding company, hired BW Cyber Services to conduct a forensic investigation of the holding company’s IT and email systems. The purpose of this investigation was to determine exactly how the fraud was performed and to ensure that the fraud was not the result of a malicious insider.

Investigation

After a thorough Digital Forensics and Incident Response (DFIR) evaluation, BW Cyber Services determined that the PE company, NOT the holding company, had in fact been the victim of an email compromise. Moreover, the BW Cyber Services DFIR team determined that the PE breach was still ongoing. With this information in hand, BW Cyber Services worked with the PE company to immediately curtail the malicious attacker’s access and to proactively prevent any further fraudulent wire attacks at either the PE company or the holding companies associated with the PE company.

Outcome

BW Cyber Services provided multiple critical recommendations associated with the confirmation and transfer of financial resources. Additionally, BW Cyber Services provided multiple critical recommendations associated with the protection of critical data (e.g., subscription documents, loan documentation, potential out-of-band payments, etc.) that an attacker could use to effect future fraudulent activities should that information be accessed.

Within two weeks of BW Cyber Services’ investigation, the PE company completed a $300M transaction that incorporated all the new recommendations provided for enhanced security. Without BW Cyber Services’ role in both identifying the unauthorized access and providing the enhanced financial security controls, the PE firm could easily have suffered a total loss on the $300M transaction.