A bank transfer fraud cost this company millions – here’s how to stay safe
Orion SA, a global supplier of carbon black (a solid form of carbon), has announced that it has fallen victim to a sophisticated scam and ultimately transferred $60 million to the scammers’ accounts.
The company confirmed the fiasco in a 8-K Form filed with the U.S. Securities and Exchange Commission (SEC) on August 10.
In the document, the company said an employee (not a member of the C-suite) was targeted by criminals: “On August 10, 2024, Orion SA determined that an employee of the company, who is not a Named Executive Officer, was the target of a criminal scheme that resulted in multiple fraudulently induced outgoing wire transfers to accounts controlled by unknown third parties.”
Insurance coverage
Orion did not share further details about the attack, but since it involved multiple transfers conducted by an employee, we can assume it was a Business Email Compromise (BEC) attack.
In BEC attacks, a malicious actor may gain access to an executive’s email account or impersonate an executive through identity theft.
They then contacted an employee who had access to company funds and tried to trick him into making a payment. Sometimes they claimed that the company was buying a competitor and that the whole process had to be done quickly and quietly, so as not to attract the attention of the media or other companies, which could jeopardize the deal. In some cases, the crooks even called the victims to convince them to move faster with the transfer.
BEC attacks work exceptionally well, especially in large organizations where many employees never meet their C-suite executives, don’t know how they speak or behave. In fact, some reports say that BEC is one of the most devastating forms of cybercrime, alongside ransomware.
Orion said it had thoroughly investigated the matter and found no other fraudulent activity or anyone stealing sensitive company data. It did stress that law enforcement had been notified and that it would recover the funds, “including any potential available insurance coverage.”
Via TechCrunch