The scam which almost took down the Aussie MP for Cyber Dr Andrew Charlton
Almost a decade ago, Special Envoy for Cyber Dr Andrew Charlton’s start-up nearly went bust when it lost tens of thousands in a cyber attack.
The Australian MP tasked with keeping the nation safe from cyber criminals was once a victim himself.
Special Envoy for Cybersecurity Dr Andrew Charlton was a successful start-up founder in another life, building a data analytics business which nabbed big four banks and US tech giants as customers.
It was so successful it was acquired by Accenture in February 2020, with the company’s then-chairman Bob Easton describing the business at the time as having “carved out a unique and differentiated position in the local marketplace”.
But, five years earlier, it almost fell over.
The year was 2015. The business had been running for about 12 months and, with two young children, Dr Charlton decided it was finally time to take a holiday.
“After about a year the business had begun to feel a little bit stable, we were employing some more people and we had a second office that we’d opened after moving out of my attic,” Dr Charlton said.
A cyber criminal, who had begun to impersonate him, had found it was the perfect opportunity to attack.
Their method was simple: they created an almost identical email address, trading the “o” in his last name for a “0” and then struck up a conversation with his business manager, talking up the holiday.
“They were able to write it in a style that I would write and engage in the back and forth with the business manager very successfully to the point where they didn’t question it,” Dr Charlton said.
The emails went on for four days with the person requesting money be transferred into an account for business development.
Prior to the attack, the transfer would have been impossible as Dr Charlton had a dongle from CBA which required him to manually approve payments.
“We needed triple factor authentication. We had been extremely careful but because the business had just got to the stage where it was a little bit comfortable, I took my first few days off,” Dr Charlton said.
“We had just had another child so I said, ‘while I’m away, I’ll give you both the dongle.’”
When his business manager contacted him while he was away to approve some costs related to business development, Dr Charlton obliged.
“And then it became clear one morning that we’d been the subject of a cyber attack. I logged into our bank accounts and I saw immediately we had lost tens of thousands of dollars,” Dr Charlton said.
“It really felt like the floor had dropped out from underneath me. We were just a small business. I couldn’t understand who would want to target me.”
The cyber criminal impersonating Dr Charlton had been quick. “It was either a massive coincidence, literally the day I was leaving, this started, or someone was watching me or had access to my email,” Dr Charlton said.
Over four days, a cyber criminal had successfully extracted well north of $50,000 from AlphaBeta’s accounts.
Almost one decade later, Dr Charlton said he still knows little to nothing about the scammer.
“We banked with Commonwealth Bank and they said that the money had been moved into another bank account and taken offshore very quickly,” he said. “The bank was helpful but they were very limited in what they could do.”
AlphaBeta was able to recover about $12,000 which was yet to be moved offshore.
“To be totally honest, I’m not even sure whether cyber insurance was a thing for small businesses back then … it might have been, but if it was, I wasn’t really even aware of it,” Dr Charlton said.
While AlphaBeta was able to recover, Dr Charlton said he was conscious that as many as 50 per cent of small businesses that suffer a cyber attack don’t survive.
There’s also a larger cost at play, which he describes as the “digital chill”.
“The direct cost of cyber security incidents to the businesses like mine that lost money is a big cost … but the bigger cost I think is for all the businesses who even aren’t the subject of a cyber attack but who fear it and therefore don’t engage in the digital world,” Dr Charlton said.
“If the direct cost of loss of money and time in cyber security attacks is measured in the billions, then I think that the impact of the digital chill on our whole economy is probably measured in a number many times larger.”