And Cyber Security Liaison Hill Snover
The Story
“You can’t verify enough,” claimed co-owner of Gotham Restaurant, Bret Csencitz, according to a New York Times Article (NYC). In May 2024, the Greenwich Village restaurant fell victim to a cyber attack that seemed trustworthy and cost them everything.
All it took was an email that looked exactly like any other email from their payroll company. The message stated they were changing banking information due to “internal issues” and needed to redirect the restaurant’s money.
The HR staffer reported the email to co-owner Csencitz right away and they compared this message with other messages from payroll. It seemed legitimate. So, he wired the money to the new account.
Only hours later did they notice something off. They found the slightest spelling error in the URL – an extra letter in the email address of the sender. But by then the damage was done. The 40-year-old restaurant lost $45,000 and as they were still recovering from the hardship of COVID-19 shutdowns, it was the final nail in the coffin. Csencitz had to make the painful decision of “temporarily” closing the restaurant’s doors and letting go of staff.
When he contacted his bank about the event, the bank did nothing. And he didn’t have any form of cyber insurance to rescue him. Csencitz had to file a report with the FBI with no guarantee of ever seeing that money again.
In November 2024 they permanently closed their doors after filing Chapter 11 bankruptcy.
The Cyber Situation
Gotham Restaurant was not a major corporation. It was an upscale eatery in Manhattan with a book nook, a bistro, and a bar. That didn’t stop the cyber scammer from setting his trap and destroying the business. Inserting himself into an email conversation that was already going on is what we cyber geeks call a “man in the middle attack.” It’s becoming a more common form of infiltration that relies on human error and lack of attention to detail and can slip into any email conversation. Anyone – even careful businessowners – can fall for it.
This didn’t need to happen to Gotham, though.
One phone call to the payroll company could have alerted them to the scam and spared them from disaster. But all of us are human, and we are all capable of small yet costly mistakes.
Preventable Measures
Other than a simple phone call, there were other steps Csencitz could have taken to prevent all of this.
One, was Cyber Security Insurance. In the event that he still wired the funds and realized his mistake after, he could have been reimbursed by the insurance company and not have gone under. Sure, insurance requires regular payments. Paying $5,000 a year sounds like a lot. But for a functional business that pays peoples’ salaries, it is significantly less costly than a complete and total shutdown.
Another was Remote Monitoring. With the assistance of a diligent cyber security company watching over the company’s IT fucntions, the presence of an unfamiliar email address could have been caught and reported. With this alert alone, Csencitz and his HR staff would have recognized the danger immediately and never have fallen prey to the attack.
Another was Cyber Security Education. Knowing how these devious cyber criminals work forces one to be more vigilant. Csencitz and staff were already suspicious, so they compared the email with others to check its legitimacy. They should have trusted their gut more and gone further – made the phone call. Blocked the user.
You don’t need to be a cyber genius to sense danger. But you do need the security to confirm your suspicions.
You also don’t need to run a Fortune 500 Company to catch the attention of malicious Cyber Scammers. Any small or medium business will do.
Bret Csencitz was right, you can’t verify enough. But with the help of a trustworthy cyber security service, you don’t have to do it alone.
Educate yourself. Reach out to Cyber Security Professionals. And consider getting your business insured against cyber attacks. What you do matters and deserves to be protected.
Sincerely,
