How Companies Can Stop Thieves in the Race for Your Tax Return


Sarah Hofmann
ACFE Public Information Officer

It's unfortunately common this time of year for individuals to file their taxes only to find out that someone has already claimed their return. This type of identity theft can be upsetting, but it may be even more upsetting if they found out their identity was stolen not through a fault of their own, but due to their employer falling victim to a scam.

Savvy cybercriminals are using business email compromise schemes, or "spear-phishing" tactics, to acquire personally identifiable information (PII) through employers. They spoof an email address or phone number to make it look like they are someone from the company's human resources management company or accounting firm — or even someone from within the company itself — and ask for employee W-2s. Once they have the W-2s, they are able to steal employees' identities.

This year, the IRS warned that cybercriminals are widening their target scope from just large corporations to smaller organizations, such as nonprofits and school districts. According to the ACFE's 2016 Report to the Nations on Occupational Fraud and Abuse, small organizations often have fewer anti-fraud controls in place than larger organizations — a weakness that makes them easier targets for fraudsters.

Bruce Dorris, J.D., CFE, CPA, CVA, vice president and program director for the Texas-based Association of Certified Fraud Examiners (ACFE) said, "Fraudsters and cybercriminals are continuing to search for new victims with this unique phishing scam. Many of these organizations have smaller budgets and do not have personnel to defend against these attacks, so nonprofits and school districts must invest and raise awareness in the latest fraud detection and prevention techniques to protect themselves."

Employers can protect themselves and their employees by:

  • Educating employees on email best practices
  • Never sharing PII over the phone or via email
  • Reporting suspicious behavior

The IRS has asked employers who receive phishing emails to forward them to Employers must remember that as technology evolves, so do fraudsters. The best defense against fraud during tax season is to be wary of anyone asking for sensitive information and to report any suspicious behavior.

German Company Loses $44 Million to One Business Email Compromise Scam


Ron Cresswell, J.D., CFE
ACFE Research Specialist

As discussed in a recent Fraud Examiner article, the FBI has issued several warnings recently about business email compromise (BEC) scams. In a traditional BEC scam, a fraudster uses a fake email from a high-level executive to trick an employee into wiring funds to the fraudster. According to the FBI, there has been a dramatic increase in BEC-related losses since January 2015. This month brings more troubling news.

The BEC Attack on Leoni AG
In one of the costliest BEC scams yet, the German company Leoni AG announced that it lost more than $44 million to fraudsters. Leoni AG is the largest supplier of electrical wires and cables in Europe. The company has more than 76,000 employees in 32 countries, including Romania, which is where the fraud began.

According to reports, the fraudsters used cloned emails to target a chief financial officer (CFO) working in the company’s factory in Bistrita, Romania. The CFO received an email asking her to wire $44 million to a specific bank account. The email appeared to be from one of the company’s executives in Germany who frequently requested wire transfers by email. Because the request followed the company’s usual procedure, the CFO approved the wire transfer.

The scam seems simple, but it required a significant amount of advance work by the fraudsters. Although details are still sketchy, the fraudsters probably used social engineering and phishing emails to gather crucial information about the company. That information included the company’s internal procedures for requesting and approving wire transfers. For example, Leoni AG has four factories in Romania, but only the one in Bistrita was authorized to make wire transfers. With this information, probably gathered through months of network surveillance, the fraudsters were able to craft a simple but effective BEC scam.

Romanian authorities are still investigating the theft, which was reported by Leoni AG in August. The identities of the fraudsters are unknown, but there are reports that the money was wired to a bank in the Czech Republic.

Could It Have Been Prevented?
Could Leoni AG have prevented the theft? That’s unclear based on current information. However, the following measures might have stopped it:

  • Two-step verification procedure. The fraud probably would have been discovered if the CFO called the company’s German headquarters to confirm the wire transfer request. Many companies require that kind of two-step verification procedure for wire transfers.
  • Employee education. The theft also might have been prevented if the CFO knew enough about BEC scams to be suspicious of the $44 million request. That is why companies should educate their employees about BEC scams and other common frauds.

Fraud professionals should continue to follow news of the Leoni AG case, which is still in the early stages of investigation. It’s the story of a sophisticated, multinational company that lost $44 million through a relatively simple BEC scam. As more information comes out, the Leoni AG case may provide some valuable lessons.