She has been a victim of fraud – twice

The installation company was hacked and forced to pay a ransom of SEK 60,000. Four years have passed, but the incident is still fresh in our minds. Anna-Karin Holzner, who was exposed, says that fraud attempts continue.

The plumbing company’s account was seized
Gabriel confronts Nordea after looting the crooks

Crime and security expert:
This is what happens when scammers empty a company’s account

Four years have passed since then El & Ventilationstyr in Väst had its computer systems hacked by fraudsters who demanded bitcoin, and then around 60,000 Swedish krona, to unlock the systems they had locked down – along with salaries, money and servers with blueprints.

Because the responsible people in the company They wanted to make sure that all data was restored correctly without a lot of manual work, and they paid according to the instructions. When that was done, they could log in and get back to work, says the company’s chief financial officer, Anna-Karin Holzner.

But although the problem was solved, the incident is still fresh in memory.

– Yesterday during lunch, I told another CFO who was involved in the same thing. The fact that we were hacked was not due to laying on of hands, she says, so I was able to get rid of it on a personal level, even if it was unpleasant.

It was worse when she was She was exposed to so-called phishing at her previous workplace where she worked as a finance manager. She received an email from the company’s CEO, who is also her friend. But it turns out that scammers were the ones who sent the email in the CEO’s name.

“It was Friday afternoon and I felt bad all weekend until we got word from the bank on Monday that they were able to stop the transaction.”

In the email, the “CEO” asked. She must quickly transfer £15,000, equivalent to about 110,000 kroner, to an account in Great Britain. Anna-Karin Holzner transferred the funds and confirmed this in an email to the CEO.

– Since my CEO had done real estate deals abroad and had just visited London, I didn’t think there was anything strange about it. Later, I thought she was saying “Hi Anna” and not Anna-Karin in the email, but everyone close to me calls me Anna, so that wasn’t something I interacted with either, says Anna-Karin Holzner.

After a while a new one came “I sent an email with a question about whether I had converted, and only then did it ‘click’,” she explains. She checked the address behind the signature in the address bar and saw that it wasn’t the CEO she was communicating with.

– Then I went to our accounting director. We were able to contact the international department of the bank and explained what had happened. It was Friday afternoon and I felt bad all weekend until we got word from the bank on Monday that they were able to stop the transaction. “It was bad and I felt cheated,” says Anna-Karin Holzner.

“We have also introduced a policy of always having two people from the company involved in bank transfers.”

She has never been advised Make transfers without calling and get confirmation over the phone and today she won’t log into her bank ID without verifying again. But she is fully aware that this can happen:

– Fraud attempts are often so sophisticated that you can’t even guess something is wrong, and you now have to use your bank ID for most things. For example, I’ve always thought it was safe to pay with Klarna, but sometimes I think it might be someone other than the person you think is behind the account.

From time to time there are phishing emails On her work account, which she deleted. For example, she recently received an email asking “one of the owners” about the status of the account today. An obvious scam as the owner is Anna Karen Holzner’s husband.

Another case of phishing:
Fraud against plumbing companies was stopped at the last minute

Control of electricity and ventilation in the west The company outsourced its computer systems after the hack in 2019. The servers are located in a server hotel and a consulting company manages business systems housed in the cloud.

-We have also introduced a policy that there are always two company members involved in bank transfers, one prepares the file and the other assists. But it’s not that simple for sole proprietors.