CEO

Europol has dismantled a Franco-Israeli ‘CEO fraud’ group that employed business email compromise (BEC) attacks to divert payments from organizations to bank accounts under the threat actor's control.

In one case against a single company, the fraudsters managed to pilfer €38,000,000 ($40.3M) within a couple of days, quickly moving the money across Europe, China, and eventually cashing out in Israel.

The investigation that led to the dismantling of the criminal network was a joint operation between Europol, French, Croatian, Hungarian, Portuguese, and Spanish police forces.

During the crackdown operation, the law enforcement authorities performed eight house searches seizing electronic equipment and cars and freezing bank accounts holding a total of €5,100,000 and another €350,000 in digital assets.

Moreover, the police arrested eight suspects (six in France and two in Israel), French and Israeli nationals, including the group leader, who was based in Israel.

The law enforcement operation unfolded gradually over five days between January 2022 and January 2023.

Impersonating CEOs

The fraudsters impersonated CEOs when approaching employees in the target organizations' financial departments and tricked them into performing payments to bank accounts under the scammer's control.


Typically, BEC scams rely on compromising the email accounts of the target organization to silently monitor communications and identify opportunities such as a pending payment to a contractor.

When the right time comes, the fraudsters send an email from the compromised user and request the accounting department to make a last-minute change to the receiving bank account details.

Alternatively, scammers may impersonate a contractor and request a payment out of the blue or impersonate the CEO to instruct the accountants to make an urgent transfer.

In December 2021, the attackers impersonated the CEO of a large French metallurgical company to divert €300,000 to a bank account in Hungary. A few days later, the scammers attempted to steal another €500,000, but the transfer was stopped upon the victim realized the fraud and reported it to the police.

In a subsequent case, the scammers targeted a real estate developer in Paris, impersonating lawyers who supposedly worked for a renowned accounting company in the country.

“Pretending to be consultants, they persuaded the Chief Financial Officer (CFO) to transfer millions of euros abroad. In total, they defrauded the company of almost EUR 38 million in a matter of days.” - Europol.

Investigators from multiple European countries connected the two cases with the help of Europol and uncovered the entire money laundering network used by the criminals in January 2022, when the first actions to take down the crime ring started.

Related Articles:

Police seize over 100 malware loader servers, arrest four cybercriminals

Europol takes down 593 Cobalt Strike servers used by cybercriminals

Alleged Scattered Spider sim-swapper arrested in Spain

Police arrest Conti and LockBit ransomware crypter specialist

Police dismantle pirated TV streaming network that made $5.7 million