Levitas Capital closing after fake Zoom invite sinks $16m super fund investment
A fake Zoom invite has forced a Sydney hedge fund to close up shop after cybercriminals found a way into their emails in September.
Online
Don't miss out on the headlines from Online. Followed categories will be added to My News.
A fake Zoom invite has forced a Sydney hedge fund to close up shop.
The Australian Financial Review reported on Monday that Levitas Capital’s largest institutional client, Australian Catholic Super, had pulled a planned $16m investment following the September incident and the fund would be closing down.
Cybersecurity investigators hired by the capital fund have since determined a fake Zoom invite was opened by either Michael Brookes or Michael Fagan, who co-founded the business.
The fraudulent invite then planted malicious software on the Levitas network, allowing the hackers to take control of email systems.
RELATED: ‘Dangerous loophole’ exposes your data
RELATED: Porn pauses teen hacker’s hearing
They used that access to send off fraudulent invoices to companies the fund had never previously dealt with, which Mr Fagan told the AFR showed “the manifest failure” of the checks and balances “the entire funds management industry relies on”.
“There were so many red flags which should have been spotted … It makes you wonder where else in the system could this happen?”
At the end of September, Mr Fagan was checking to see if money from the super fund had been deposited into Levitas’ Commonwealth Bank account when he noticed more than $8 million was missing.
He began frantically making phone calls to stop transfers, managing to stop $5 million sent to a Singapore bank and $2.5 million sent to Hong Kong, but he was too late to stop an earlier transfer.
Mr Fagan did receive a call from the fund administrator to verify the transaction, but he told them he’d be in touch to approve because he was at the gym.
He emailed when he returned to the office, and the hackers – who now had access to his emails – later sent one off approving the transfer of $1.2 million to an ANZ account.
Close to $800,000 was then transferred out of that account from ANZ branches around Sydney before a Pakistani national who allegedly made the withdrawals left the country on a Qatar Airways flight.
ANZ said in a statement to the AFR that it continues to work closely with the Australian Transaction Reports and Analysis Centre, law enforcement and the industry to prevent serious financial crimes.
Cybersecurity experts have been warning the recent rise of videoconferencing apps like Zoom created new ways for criminals to hack people.
Originally published as Levitas Capital closing after fake Zoom invite sinks $16m super fund investment