Europol put an end to the operations of a Franco-Israeli CEO fraud group. The threat actors used business email compromise (BEC) attacks to steal money. This led to €38,000,000 stolen in just a few days from one organization.
Details About the Europol Investigation
It took the collaboration between Europol, French, Croatian, Hungarian, Portuguese, and Spanish authorities to take down the cybercrime group.
Police forces managed to confiscate equipment, block accounts, and make several arrests during this operation.
During the crackdown operation, the law enforcement authorities performed eight house searches seizing electronic equipment and cars and freezing bank accounts holding a total of €5,100,000 and another €350,000 in digital assets.
The authorities arrested eight individuals (six in France and two in Israel), including the leader of the CEO fraud group. The whole action stretched between January 2022 and January 2023.
How the CEO Fraud Group Operated
The scammers reached the targeted employees while impersonating CEOs. This was meant to convince them to transfer large sums of money into the hacker’s accounts. The threat actors then moved the money to different accounts from Europa and China, before cashing it in Israel.
Using typically business email compromise (BEC) scams, hackers breached an email account in the targeted organization to be able to spy on internal communication. This allowed them to identify the perfect opportunity to strike.
When the right time comes, the fraudsters send an email from the compromised user and request the accounting department to make a last-minute change to the receiving bank account details.
Alternatively, scammers may impersonate a contractor and request a payment out of the blue or impersonate the CEO to instruct the accountants to make an urgent transfer.
In December 2021 the CEO fraud group targeted a large French metallurgical company. They managed to steal €300,000 and tried to transfer another €500,000 before the victim realized the fraud. They did all this by impersonating the organization’s CEO.
On another occasion, the hackers targeted a real estate developer from Paris. They pretended to be lawyers and convinced the Chief Financial Officer (CFO) to move €38,000,000 into their accounts.
In consequence, authorities connected the two cases and managed to uncover the whole scheme.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.Get cybersecurity updates you\’ll actually want to read directly in your inbox.