Cyberheist Nets 44 Million In Single CEO Fraud Attack

one-of-the-world-s-biggest-companies-loses-40-million-in-online-scam.jpg Earlier in August, one of the world's largest cable manufacturers Leoni AG publicly confessed that it had fallen victim to a classic CEO Fraud attack that has cost the company a whopping 44 million dollars. Following two weeks of intensive investigations, new details surfaced and the thieves turned out to have used sophisticated social engineering tactics combined with email spoofing.

The attackers crafted emails to appear like legitimate payment requests from the head office in Germany and sent them to a subsidiary of Leoni in Bistrita, Romania.

CEO Fraud targeted Leoni's Romanian headquarters

According to authorities, a young woman working as CFO at Leoni's Bistrita factory was the target of the scam, when she received an email spoofed to look like it came from one of the company's top German executives. She then proceeded paying out $44 million in the process.

According to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT), the scammers had extensive knowledge about the internal procedures for approving and processing transfers at Leoni, meaning the network had been penetrated earlier, highly likely through phishing emails, and the bad guys had been doing recon for months.

Bad guys penetrated Leoni months in advance

Leoni has four factories in Romania, but the site in Bistrita is the only one in the country authorized to move funds. The bad guys leveraged their recon and made the attack less suspicious as the branch frequently received such requests from high-ranking executives from Germany.

It is not clear where the stolen funds are now, but unconfirmed reports say the money was transferred to a bank account in the Czech Republic.

Leoni is not the first company to fall for CEO Fraud, we have been talking about a lot of these incidents the last year. For instance, toy manufacturer Mattel came close to losing $3 million in an attack like this.

Back in April, the FBI released a report claiming that more than 17,000 people across the globe have been tricked into similar scams over the last 2 years. This amounts to more than $2.3 billion lost in fraud incidents.

Get your Free Domain Spoof Test

Can hackers spoof an email address of your own domain and get away with millions??

Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

Would you like to know if hackers can spoof your domain? KnowBe4 can help you find out if this is the case with our free Domain Spoof Test. It's quick, easy and often a shocking discovery. Find out now if your email server is configured correctly, our tests over the last 2 years show that 82% of servers fail to handle spoofed emails correctly.