The Fake CEOs That Stole $40.3 Million

CyberSec Weekly. Published in ILLUMINATION. 3 min read. Feb 19, 2023

A team of fraudsters from Israel and France has just been brought down. This is the story of how they used emails to steal over $40 million from one company, and how it ultimately led to their demise.

Business email compromise attacks involve hackers using emails to divert large payments at the last second. Typically, a hacker will compromise the email account of a CEO or someone else in power and then lie in wait. When the time comes for a payment, they'll send out an email to change the bank account to one of their own.

December 2021

A particular group impersonated the CEO of a large French metallurgical company to divert €300k to a bank account in Hungary. Clearly, this wasn't enough, as a few days later they attempted to steal a further €500k.

But compared to a real estate developer in Paris, they got off easy. This time the damages were much more significant. In a similar style of attack, the group gained the trust of the CFO, defrauding them into sending €38 million, which was then routed through a money laundering scheme all around the world before finally reaching Israel. Pulling this one off required them to pretend to be lawyers of a well-known French accounting firm, saying that confidential and urgent transfers were required.

Their Demise

This act is the largest single attack publicly known and led to a joint operation from Europol, Israel, France, Croatia, Hungary, Portugal, and Spain. These 6 different police forces performed 8 separate house searches resulting in the seizing of cars and freezing of bank accounts.

The two attacks were linked after the real estate company filed a complaint in January 2022, which allowed police to match it with the other attack on the French metallurgical company that happened in December 2021.

Then came the arrests. A total of 8 suspects were arrested, including the leader of the operation, who was based in Israel. A large piece of evidence was that investigators found the phone calls had originated in Israel, which allowed them to trace the suspects.

The investigation lasted 12 months, and each country had a specific role in arresting them.

Israel: arrested the mastermind.

France: arrested six suspects.

Croatia: helped identify the real identities of money mules used by the gang, helping them freeze $640,000 in stolen funds.

Portugal: seized $3.2 million.

Hungary: interrogated 16 suspects, 2 of whom are still under investigation, while also tracing $7 million in laundered funds.

And lastly, Spain seized $425,000.

The seizures are also suspected to contain cryptocurrency, which was used by the crime group to launder the money.

This type of attack has become rampant: the FBI has said that $43.3 billion was stolen in these types of scams between June 2016 and December 2021, showing just how organized these gangs are.
