
A Construction Company Gets Hammered by A Keylogger

  • Writer: Ranjith Manne
  • Sep 16, 2025

Updated: Jan 27

Scenario :

A small construction company made extensive use of online banking and automated clearing house (ACH) transfers. Employees logged in with both a company and user-specific ID and password. Two challenge questions had to be answered for transactions over $1,000. The owner was notified that an ACH transfer of $10,000 was initiated by an unknown source. They contacted the bank and identified that in just one week cyber criminals had made six transfers from the company bank accounts, totaling $550,000. How? One of their employees had opened an email from what they thought was a materials supplier but was instead a malicious email laced with malware from an imposter account.


Attack :

Cyber criminals were able to install malware onto the company’s computers, using a keylogger to capture the banking credentials.










They needed support and approached Crystalline Software technologies.


RESPONSE :

  • Help them complete a full cybersecurity review of their systems

  • Identify what the source of the incident was

  • Recommend upgrades to their security software


IMPACT :

The company shut down their bank account and pursued legal action to recover its losses. The business recovered the remaining $350,000 with interest. No money for time and legal fees was recovered.


FURTHER STEPS :

  • Get notified - set up transaction alerts on all credit, debit cards and bank accounts.

  • Restrict access to sensitive accounts to only those employees who need access; change passwords often.

  • Companies should evaluate their risk and evaluate cyber liability insurance options.

  • Choose banks that offer multiple layers of authentication to access accounts and transactions.

  • Create, maintain, and practice a cyber incident response plan that is rapidly implementable.

  • Cyber criminals deliver and install malicious software via email. Train employees on email security.


Identify

Develop the institutional understanding to manage cybersecurity risk to organizational systems, assets, data, and capabilities, i.e. Asset Management, Business Environment, Governance, Risk Assessment, and Risk Management Strategy

Protect

Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services, i.e. limit or contain the impact of a potential cybersecurity event

Detect

Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event; i.e. enable timely discovery of cybersecurity events

Respond

Develop and implement the appropriate activities to take action regarding a detected cybersecurity event; i.e. contain the impact of a potential cybersecurity event

Recover

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event; i.e. timely recovery to normal operations to reduce the impact from a cybersecurity event.



 
 