A fake Zoom invite has led to the demise of a successful Sydney-based hedge fund and nearly cost it $8.7million after a hacker was able to send off fake invoices on behalf of the firm.
On Monday, the AFR reported that Levitas Capital was forced to close after its major client Australian Catholic Super withdrew its funds in the wake of the September cyber attack.
The hedge fund’s cyber investigators have pinpointed a fake Zoom invite opened by one of the fund’s cofounders Michael Fagan or Michael Brookes.
By doing so, the hacker was able to install a malicious software program that gave them access to the fund’s email system which they used to send off fake invoices.
Fagan first noticed the hack on September 23 when he checked the fund’s online banking.
“By chance on that Wednesday morning, Mr Fagan was in the office early and checked the company’s Commonwealth Bank account only to discover $1.2 million had been transferred out eight days earlier. The company receiving the money, Unique Star Trading, meant nothing to him,” wrote reporters Angus Grigg and Jemima Whyte.
“Even more curious was that the money had been transferred to an ANZ account in the south-western Sydney suburb of Bankstown, which the fund had never dealt with previously.”
As it turned out, the people behind the attack had sent out a bunch of invoices to the fund’s trustees and administrator — AKA the people who hold or control the money that’s being invested by the fund — to get them to send money to places they shouldn’t.
Following that, a Pakistani national Muhammad Bhatti made 64 (!) withdrawals from one bank where the money was transferred, as well as a small shopping spree, before leaving Australia.
All up, nearly $800,000 of the $8.7 million of fake invoices was spent by Mr Bhatti. The rest was caught before the money cleared, fortunately for the fund.
So, like with other Zoom scams, be careful what link you click!