Afognak Native Corporation says it has recovered most of the money it lost in a phishing scheme last April, when a company controller unwittingly transferred $3.8 million of a subsidiary's money to an offshore bank account.
Afognak's subsidiary, Alutiiq LLC, fell prey to what the company, in a release Wednesday, called a "well-coordinated 'spear phishing' and social engineering criminal attack."
The phishing scheme happened in April 2015, CEO Greg Hambright wrote to shareholders last year. The attackers set up an email account that mirrored Hambright's email address and sent Alutiiq's controller an email with instructions about a "confidential transaction" involving a person who called minutes later.
Pretending to be an attorney, the co-conspirator requested an "urgent" transfer of the $3.8 million "to an entity later revealed to be a fictitious third party company based in Hong Kong," Hambright wrote. Hambright and the chief financial officer discovered the transfer two days later.
Now, one year later, Afognak says it has recovered most of the money.
A total of $2.56 million was seized from a Hong Kong bank account and returned to Afognak in March. The company will keep trying to recover the remaining amount stolen by the criminal ring, said Alisha Drabek, senior vice president of community and government affairs.
Afognak has also been reimbursed $1.1 million through a settled insurance claim, Drabek said.
Between the seized bank account and insurance money, Afognak has recovered $3.66 million of the $3.8 million that was lost.
Drabek described the attackers as part of a criminal ring based in Hong Kong and Eastern Europe, but did not know more details, including the number of people involved in the attack.
Afognak's attorneys have traveled to Hong Kong and know who the attackers are, Drabek said.
The Afognak Native Corp. is headquartered on Kodiak Island. According to its website, the corporation represents 900 shareholders descended from the Village of Afognak on Afognak Island, directly north of Kodiak.
The company believes the attackers took advantage of a shareholder meeting in Port Lions last April.
"It could have been coincidental, however we do know that it was announced on our Facebook page that our CEO and CFO were at our meeting … It appeared they took advantage of an opportunity while people were away," Drabek said.
Since the incident, the corporation has set up new policies and trained staff on scamming strategies. Whenever a money transfer is requested, there is a "double verification process," Drabek said.
The controller no longer works for the company, Drabek said, for reasons unrelated to the phishing scheme.