Stockholm (NordSIP) – Norfund has announced it had been exposed to a serious case of fraud through an advanced data breach that said scammers attempt to divert funding from one of Norfund’s investments.
“This is a very unfortunate situation. We now have to get a full overview of the chain of events in order to get to the bottom of this. Based on findings, we will introduce further measures and strengthen routines to prevent this from happening again,” Olaug Svara, Chair of the Board of Directors of Norfund said.
According to Norfund, the defrauders were able to access information concerning a loan of US$10 million from Norfund to a microfinance institution in Cambodia through an advance data breach. The defrauders manipulated and falsified information exchange between Norfund and the borrowing institution over time in a way that was realistic in structure, content and use of language. Documents and payment details were falsified.
As a result of this extensive manipulation of communication, the defrauders were successful in diverting funds to an account not belonging to the intended recipient. The name of the account holder was the same as the name of the microfinance institution in Cambodia. The funds have been diverted to Mexico. The fraud took place on the 16th of March. The fact that the defrauders were able to manipulate the communication between Norfund and the intended recipient was a major contributing factor in delaying detection. The fraud was discovered on the 30th of April, as the scammers initiated a new fraud attempt. This attempt was discovered and prevented. So far, Norfund has not uncovered any further fraud attempts beyond the two above mentioned incidents.
“This is a grave incident. The fraud clearly shows that we, as an international investor and development organisation, through active use of digital channels are vulnerable. The fact that this has happened shows that our systems and routines are not good enough. We have taken immediate and serious action to correct this,” said Tellef Thorleifsson, CEO of Norfund.
The incident has been reported to the authorities and the Ministry of Foreign affairs, Norfund’s owner. Moreover, PwC has been hired to undertake an external, independent evaluation of company routines and security systems.
According to the Norwegian Centre for Information Security, the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime and DNB this type of fraud cases as an increasing problem for Norwegian companies.
“Fraud cases of this kind are performed by very sophisticated criminals. With access to e-mail communication between two parties, they can familiarise themselves with how the parties correspond,” said Terje A. Fjeldvær, head of fraud prevention at DNB, Norfund’s bank. “The payments they initiate therefore deviate very little from ordinary payments performed by the victimised company and become very hard to detect and prevent.”