Europol has busted a Franco-Israeli “CEO fraud” group that used business email compromise (BEC) attacks to divert payments from organizations to bank accounts under the control of the threat actor.

In a case against a single company, fraudsters managed to steal €38,000,000 ($40.3 million) within days, quickly moving the money across Europe, China and ultimately cashing in Israel.

The investigation that led to the dismantling of the criminal network was a joint operation between Europol, French, Croatian, Hungarian, Portuguese and Spanish police forces.

During the crackdown, law enforcement carried out eight house searches, seizing electronic equipment and cars and freezing bank accounts holding a total of €5,100,000 and an additional €350,000 in digital assets .

In addition, the police arrested eight suspects (six in France and two in Israel), of French and Israeli nationality, including the leader of the group, who was based in Israel.

The policing operation took place gradually over five days between January 2022 and January 2023.

Impersonate CEOs

Fraudsters posed as CEOs when they approached financial services employees of the target organizations and tricked them into making payments to bank accounts under the control of the scammer.

Typically, BEC scams rely on compromising the target organization’s email accounts to silently monitor communications and identify opportunities such as a pending payment to a contractor.

At the appropriate time, the fraudsters send an email from the compromised user and ask the accounting department to make a last-minute change to the details of the recipient bank account.

Alternatively, scammers can impersonate an entrepreneur and demand an out-of-the-box payment or impersonate the CEO to ask the accountants to make an urgent transfer.

In December 2021, the attackers impersonated the CEO of a major French metallurgical company to divert €300,000 to a bank account in Hungary. A few days later, the scammers tried to steal another €500,000, but the transfer was stopped when the victim realized the fraud and reported it to the police.

In a later case, the scammers targeted a property developer in Paris, posing as lawyers who allegedly worked for a renowned accounting firm in the country.

Investigators from several European countries linked the two cases with the help of Europol and discovered the entire money laundering network used by the criminals in January 2022, when the first actions to eliminate the criminal network took place. begin.