In October, as Smith Automotive Group was in the process of renewing its cyber insurance policy, the group's controller got an email from CFO Karen Kulinich asking her to wire $190,000 from a specific account.
The invoice and the wording of the email looked legitimate, like something Kulinich would have written. Only Kulinich didn't send the email. She was at a lunch meeting and had communicated that she would be unavailable for a couple of hours. When Kulinich later checked her phone, she said, "that's when both of us just froze."
"She was one click away from sending $190,000," Kulinich said.
The incident prompted the four-store Nissan group in Georgia to talk about adopting multifactor authentication.