German Company Loses $44 Million to One Business Email Compromise Scam

GUEST BLOGGER

Ron Cresswell, J.D., CFE
ACFE Research Specialist

As discussed in a recent Fraud Examiner article, the FBI has issued several warnings recently about business email compromise (BEC) scams. In a traditional BEC scam, a fraudster uses a fake email from a high-level executive to trick an employee into wiring funds to the fraudster. According to the FBI, there has been a dramatic increase in BEC-related losses since January 2015. This month brings more troubling news.

The BEC Attack on Leoni AG
In one of the costliest BEC scams yet, the German company Leoni AG announced that it lost more than $44 million to fraudsters. Leoni AG is the largest supplier of electrical wires and cables in Europe. The company has more than 76,000 employees in 32 countries, including Romania, which is where the fraud began.

According to reports, the fraudsters used cloned emails to target a chief financial officer (CFO) working in the company’s factory in Bistrita, Romania. The CFO received an email asking her to wire $44 million to a specific bank account. The email appeared to be from one of the company’s executives in Germany who frequently requested wire transfers by email. Because the request followed the company’s usual procedure, the CFO approved the wire transfer.

The scam seems simple, but it required a significant amount of advance work by the fraudsters. Although details are still sketchy, the fraudsters probably used social engineering and phishing emails to gather crucial information about the company. That information included the company’s internal procedures for requesting and approving wire transfers. For example, Leoni AG has four factories in Romania, but only the one in Bistrita was authorized to make wire transfers. With this information, probably gathered through months of network surveillance, the fraudsters were able to craft a simple but effective BEC scam.

Romanian authorities are still investigating the theft, which was reported by Leoni AG in August. The identities of the fraudsters are unknown, but there are reports that the money was wired to a bank in the Czech Republic.

Could It Have Been Prevented?
Could Leoni AG have prevented the theft? That’s unclear based on current information. However, the following measures might have stopped it:

  • Two-step verification procedure. The fraud probably would have been discovered if the CFO called the company’s German headquarters to confirm the wire transfer request. Many companies require that kind of two-step verification procedure for wire transfers.
  • Employee education. The theft also might have been prevented if the CFO knew enough about BEC scams to be suspicious of the $44 million request. That is why companies should educate their employees about BEC scams and other common frauds.

Conclusion
Fraud professionals should continue to follow news of the Leoni AG case, which is still in the early stages of investigation. It’s the story of a sophisticated, multinational company that lost $44 million through a relatively simple BEC scam. As more information comes out, the Leoni AG case may provide some valuable lessons.