The European retailer group Pepco fell victim to a phishing attack. 15.5 million euros were lost. It is unclear whether the group can get at least parts of it back.
Advertisement
In a statement, the Pepco Group writes that the Hungarian business unit was the target of an advanced fraudulent phishing attack. The attack resulted in the loss of around 15.5 million euros in cash – at least before any possibility of getting some of it back. It is currently unclear whether any funds can be recovered at all. Pepco is pursuing several approaches to this, supported by the group's banking partners and the police.
Pepco phishing: has data been leaked?
The company also writes that, according to current knowledge, no customer, provider or employee information or data was leaked during the incident. The group took immediate steps to investigate and respond to the incident to ensure the integrity of the company's IT and financial control environment.
Pepco has also launched activities to test and strengthen its policies and processes. The group has a strong balance sheet, with more than 400 million euros in liquid assets – from cash and credit lines – and continues to generate strong cash flow from its business activities. The Pepco Group takes financial control and IT security very seriously and is currently conducting a review of all systems and processes in order to secure its business more robustly in the future.
The company does not provide any details about exactly how the phishing attack took place. However, it could be “classic” spear phishing. The fraudsters specifically target company employees, for example with email addresses that are based on typosquatting domains (e.g. he1se instead of heise). They then use social engineering to convince their victims that an urgent transfer is needed to an account controlled by the cybercriminals. Or, as apparently in this case, a suitcase full of money had to be handed over.
In addition to the Pepco stores, the Pepco Group also operates stores under the Poundland name in Ireland and the United Kingdom and under the Dealz brand in Ireland and Poland.
(dmk)