Even if you know the counterparty in a transaction, it still pays to check that each transaction is above board:
Hackers stole $4.7 million from a Dutch art museum in a business email compromise scheme.
The unknown cyber criminals had been sniffing emails between the Rijksmuseum Twenthe art museum and art dealer Simon Dickinson as the two parties worked out the sale of a painting by 19th-century landscape artist John Constable.
After tracking months of negotiations, the hackers impersonated Dickinson through spoofed emails and convinced the museum to send £2.4 million ($4.7 million) to a Hong Kong bank account in exchange for the painting ‘A View of Hampstead Heath: Child’s Hill, Harrow in the Distance’.
By the time the fraud was detected, Constable’s landscape had already arrived at the Dutch museum.
Although it was not determined which party had their email systems compromised, the museum tried unsuccessfully to sue Dickinson for damages over the incident earlier this year.
The art dealer’s lawyer argued that the museum should have taken reasonable steps to ensure that the emails pertaining to the large transaction were legitimate, Bloomberg reported.