A talented group of fraudsters used phishing, social engineering, and pure chutzpah to convince the India arm of Italian engineering company Tecnimont to part with millions of dollars.
We’ve all heard of phishing or whaling stories where someone is sent an email pretending to be the CEO of an organization, asking the recipient to perform an action that benefits the cybercriminal. The attack on Tecnimont takes these kinds of attacks to a new level and is something right out of a Mission: Impossible movie.
Chinese fraudsters sent Tecnimont’s head of India operations an email from an account that spoofed that of group CEO Pierroberto Folgiero. Rather than simply asking for money to be transferred, the cybercriminals instead arranged not one, but a series of conference calls with the India head to discuss a possible highly confidential acquisition in China. On those calls, members of the gang pretended to be the group CEO, a top Switzerland-based lawyer, and other senior executives of the company!
They convinced the India head that the money couldn’t be transferred from Italy due to regulatory issues, and that his operation would therefore have to pay the money needed for the acquisition. The money was transferred in three parts — $5.6 million, $9.4 million and $3.6 million — from India to banks in Hong Kong, and was withdrawn within minutes. The fraudsters even tried to get a fourth transfer made, but were found out by Tecnimont. The India head and the head of accounts and finance were fired.
CEO fraud is a material part of the cybercriminal’s playbook. It can take as little as a single email to convince someone to send money, change bank account details, purchase gift cards, etc. Organizations need to educate employees at every level with Security Awareness Training to create a corporate culture with a heightened sense of scrutiny and suspicion when it comes to interacting with email and the web.