The finance
chief at Fortelus Capital Management LLP got an alarming phone call just as he
was getting ready to leave work on a Friday.
When Meston logged on to the firm’s online
bank account the following Monday, he saw that 742,668 pounds ($1.2 million)
was gone. Coutts, a unit of Royal Bank of Scotland Group Plc, had no record of
the Friday phone call. Meston had been conned.
Meston was terminated by Fortelus and is now
being sued by the fund, which says he breached his duty to protect its assets.
Details of the phone conversation, which took place in December 2013, were
described in documents from the firm’s London lawsuit. Meston denies he was
negligent and says he acted honestly, according to his court documents in the
case.
The incident shows how even the most
sophisticated online security systems can fail because of human error. Firms
too often see cyber security as a technical issue and don’t recognize the risk
of employees being targeted, the Bank of England said in a report last week
that called cyber crime a growing threat to financial stability.
‘Weakest Link’
“People are
always the weakest link,” said Jason Ferdinand, a director at Coventry
University who runs the U.K.’s first cyber security MBA course. Employees
“often assume that they do not have to think about security because a machine
or software is doing it for them.”
Fortelus lawyer Daniel Astaire said no
client funds were affected by the breach, and the firm reported it to the
police, who are investigating. Fortelus has “strong internal policies against
fraud prevention” and this was “an isolated incident,” he said in an e-mail.
Fortelus Capital Management in June 2014
switched its registration to the U.S and no longer has any investment
activities in the U.K., Astaire said. Simon Goldring, a lawyer for Meston,
declined to immediately comment. Meston “believed that he was preventing a
fraud from being carried out against the claimants, and this belief was
reasonable,” his lawyers said in court filings. They said he’s not personally responsible
for the firm’s assets and that Coutts should have to repay Fortelus.
Friday Afternoon Scam
Hedge funds
are not the only victims of a “Friday afternoon scam.” Zurich Insurance Group
AG warned in May that law firms were targeted by fraudsters impersonating bank
staff that asked for access to accounts, often late on a Friday.
The frauds cost firms and their insurers an
estimated 5 million pounds over three months this year, Zurich said. The theft
was carried out by an “unknown third party,” Fortelus said in court documents.
The caller identified himself as “Simon Hughes” from the Coutts Online Fraud
Response team and transfers were made to accounts under names including EE
Traders, AA Ltd., MK Trader, P Plumbers and LLM Client Account, according to
court filings.
Meston says that as part of his termination
agreement with the fund, he has already agreed to give up salary and bonus
payments worth 136,600 pounds. That includes three months he worked without
pay, or about 25,000 pounds, as well as 95,000 pounds in cash and deferred
bonuses that he surrendered.
Jo Thorne, a spokeswoman for Coutts,
declined to comment. “This story is sad because it may well have been an honest
mistake, but because of the technological advances made in finance, where the
majority of their business is digital, significant losses can happen very
quickly,” said Ferdinand. The case is Fortelus Capital Management LLP & Anr
v. Mr. Thomas Meston, High Court of Justice, Queen’s Bench Division, HQ15P02169
Πηγή: bloomberg.com
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου