SITUATION
A financial institution’s commercial client fell victim to a social engineering attack, resulting in an online banking account takeover and subsequent fraudulent automated clearing house (ACH) and wire transactions. During litigation following the attack, the financial institution retained FTI Consulting to provide an expert witness report to opine on if the financial institution had implemented commercially reasonable cybersecurity standards, and how the commercial client was ultimately responsible for the financial fraud due to their disclosure of sensitive information to the fraudulent actor.
OUR ROLE
FTI Consulting’s Cybersecurity and Financial Services teams worked in conjunction to evaluate hundreds of pieces of evidence, organizing the evidence to scope the levels of relevant review. Citations were provided to evidence all statements made in the report. The Cybersecurity team also investigated call logs, email communications, transaction history, and stakeholder testimonies to understand how the social engineering attack, account takeover, and initiation of illicit wire and ACH transactions occurred. Collaborating with Counsel, the FTI Consulting team generated technically defensible arguments to strengthen FTI Consulting’s expert testimony.
OUR IMPACT
The FTI Consulting team generated an accurate and comprehensive 50+ page expert witness report under an extremely tight deadline. FTI Consulting’s expert ultimately discovered a sophisticated fraudulent scheme that included social engineering attacks targeting multiple employees throughout the commercial client. FTI Consulting also uncovered that the fraudulent actor leveraged processing schedules and bank closing times to initiate transactions and avoid detection. FTI Consulting’s expert report strengthened the financial institution’s argument that they had commercially reasonable controls in place to protect their customers from fraud, and that strategic social engineering of the commercial client was ultimately the reason the fraud was successful.