Recent reports of a phishing attack on Mayfair art dealers have revealed that “at least nine galleries or individuals were affected, including Hauser & Wirth, and London-based dealers Simon Lee, Thomas Dane, Rosenfeld Porcini and Laura Bartlett”. Losses ranged from £10,000 to £1,000,000.
It appears that hackers gained access to art dealers’ email accounts and monitored both incoming and outgoing correspondence. The attackers waited until the gallery emailed an invoice to a client following a sale, then sent a second email impersonating the gallery and instructing the recipient to disregard the first. The second email contained a fraudulent invoice with bank details for the hackers’ account, into which the client then paid.
A number of London galleries have taken preventative steps to reduce the likelihood of suffering a similar attack. Invoicing procedures have been “overhauled” and standard warnings about cyber fraud are issued automatically with every invoice. Simon Lee’s gallery now has his accountant confirm banking details with clients over the phone.
The most important line of defence against a phishing attack is the person who receives the email. If you are able to identify and correctly respond to a malicious email, the danger can be mitigated. With phishing attacks growing in both volume and sophistication, it is important to raise awareness of the risks.
For further reading on phishing, take a look at our infographic.
Also, consider our Phishing Staff Awareness Course, which provides an introduction to understanding and spotting phishing scams, and helps reduce the chance that an employee will hand over confidential information or inadvertently infect your systems.