Hacker uses a company's compromised account to order more than £400k in luxury cars

Information security incidents can occur in many different ways. A few days ago, a hacker managed to access the systems of a British company to order cars worth more than £400k, including models from well-known brands, among them a luxury Aston Martin.

The attack was not detected until the managers of the affected establishment received the first of multiple calls related to some bills. The hacker ordered a total of 40 cars from three different car leasing companies, all in just one afternoon.

Jason Watkins, the sales manager of M4 Van Centre, located in Swindon, England, said the company did not have to make any payment for the fraudulent orders. However, three of its suppliers have decided not to accept orders from the company until the information security incident is investigated and clarified. The company buys about 60 cars each month for sale in the area.

Although the damage resulting from the incident was contained, the managers acknowledged that the consequences could be catastrophic: “This could be disastrous for a smaller business; fortunately, we have the means to withstand an incident of this nature,” admits the sales manager.

The incident was reported to local authorities; company executives expect the attack to be investigated as an electronic fraud attempt. The company representative says their information security team managed to detect an IP address associated with the fraud perpetrator, in addition to other traces, although he mentions that for the moment that information can only be shared with the authorities.

Local police mention that the report was received on 27 January, and that the investigation is already ongoing. According to the International Institute of Cyber Security (IICS), in the United Kingdom this class of crime is investigated by the National Fraud Intelligence Bureau (NFIB), which receives fraud and cybercrime reports from across the UK in order to locate areas of concentrated activity, build criminal profiles and design strategies for the containment and prevention of electronic fraud and other cybercrime.