ArrowArtboardCreated with Sketch.Title ChevronTitle ChevronEye IconIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailMenu BurgerPositive ArrowIcon PrintIcon SearchSite TitleTitle ChevronIcon Twitter
Business

JAL falls prey to biggest email swindle against Japan Inc.

$3.4m loss tops them all, but email scams continue to spread

Scammers are getting at Japanese businesses by exploiting vulnerabilities in trusted partners in their supply chains.

TOKYO -- Japan Airlines has lost 384 million yen ($3.39 million) to a sophisticated con involving email purporting to be from an actual business partner.

The carrier revealed its misfortune Wednesday. But the most expensive known email swindle against a Japanese company actually went down months earlier.

JAL got word Oct. 7 from an overseas financial institution it leased aircraft from that payment should be deposited into the usual account. This set off warning bells, as the bill had supposedly been paid already.

An employee confirmed that JAL had received email with a bill specifying a new account with a Hong Kong bank for the leasing fees to be paid into. The airline had transferred 360 million yen to the account.

A closer look revealed the critical one-character difference between the sender's email address and the financial institution's. By the time the scam was uncovered, the money had all been withdrawn from the receiving account.

The details of the money transfer had been checked by multiple people, none of whom picked up on the fraud. The scammers had sent a bill closely resembling the genuine article right before the payment's due date. JAL rushed the payment, knowing that it could not use the leased planes if it failed to pay on time.

It has been revealed that the airline was also swindled out of 24 million yen in a similar ploy in August and September involving email exchanges with cybercriminals pretending to be a U.S. cargo business.

Gone phishin'

Such business email fraud has proliferated rapidly around the globe in recent years. The 40,000-plus reported incidents worldwide from October 2013 to December 2016 caused $5.3 billion or so in actual and attempted losses, according to the U.S. Internet Crime Complaint Center.

Europe has suffered particularly big thefts. Austrian aerospace parts maker FACC lost nearly 42 million euros ($49.8 million at present rates) to fraud that came to light in January 2016. Germany's Leoni, which supplies electrical cables for automobiles, said in August that year that it had lost around 40 million euros to a similar scheme.

Japanese information security companies have long warned of such attacks, but losses in the millions or tens of millions of yen have appeared frequently. A Trend Micro poll of 1,361 digital security personnel at Japanese businesses found that 13% received fraudulent business emails in 2016.

Working an angle

Budget carrier Skymark Airlines received email supposedly from a client this October, requesting payment of 2 million yen. Officials found it suspicious, and the fraud was foiled. But the sender's address precisely matched that of a company partner. The email account had very likely been compromised.

Scammers are "searching for openings at clients or other related parties to mount attacks," said President Nobuo Miwa of Japanese information security company S&J. Even when an enterprise's own security is strong, customer data or product designs entrusted to partners can end up compromised, or its own systems infiltrated, if parties in its orbit are lax.

In an incident that came to light this April, customer information was stolen from sites including a ticket sales website for the Japan Professional Basketball League after hackers targeted a software developer subcontracted to by Pia, the company the sports league had entrusted with selling tickets.

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Get Unlimited access

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world
.

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends June 30th

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to the Nikkei Asian Review has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media