E-mail fraud targets IL firm

-A A +A

Spear-phishing attack redirects PCI president’s paycheck

By Kayla Vaughn

An Indian Land company was the victim of a cyber crime last month, costing it more than $13,600.
Christian Kropac Jr., president of PCI Group Inc., said the communications and security company was the target of a “spear-phishing” attack, in which the culprit sends a fraudulent e-mail that appears to come from a trusted source, to trick the recipient into divulging valuable information.
Kropac emphasized that the criminal did not hack into the company’s computer system or have access to any customer information.
“This was a clerical error,” he said. “The incident did not impact, nor could have impacted, any PCI client data.”
The company, founded in 1970, moved its headquarters to Lancaster County in 2008 and has since brought nearly 200 jobs to the area. It specializes in time-sensitive printing and direct-mail services.
According to a Lancaster County sheriff’s incident report, someone began e-mailing a PCI payroll administrator on Oct. 25, posing as Kropac. On Nov. 1, she received an e-mail stating that he had a new bank account number and would need his next paycheck to go into the new account.
On the next payday, Kropac noticed his salary had not been deposited in his account. He quickly notified the PCI security team, who diagnosed the problem and filed a police report.
Upon further investigation, the security team discovered the money had been transferred to a prepaid Green Dot card that can be purchased at thousands of retailers around the country.
Spear-phishing was in the news earlier this week, when the city of Lancaster’s e-mail was hijacked with the intent of spreading a computer virus. Officials said the defensive software used in the city’s IT department cleaned the fraudulent e-mails and attachments of any viruses that may have been sent.
Kropac said no other PCI employees were impacted by the scam, and he stressed repeatedly that no client information was compromised.
“We utilize industry-leading, cloud based, Microsoft Office365 e-mail, including Microsoft’s e-mail security protocols,” he said. “By design, the company’s production and client-facing systems are completely separate, on non-cloud-based secure servers, and located in secure data centers.”
PCI’s website says the company “is a leading provider of mission critical print and mail communications for businesses where security of customer-centric data is paramount, precision and accuracy are crucial and compliance is a must.”

Follow Kayla Vaughn on Twitter @kaybvaughn or contact her at (803) 416-8416.