Business Email Compromise (BEC) , Fraud Management & Cybercrime

Cops in Israel and France Cuff Suspected CEO Fraudsters

$40 Million Allegedly Stolen From Real Estate Developer in Group's Largest Heist
Cops in Israel and France Cuff Suspected CEO Fraudsters
The international operation was coordinated by Europol. (Image: Europol)

A joint law enforcement operation spearheaded in France dismantled a crime ring authorities describe as a Franco-Israeli conspiracy of "large-scale CEO fraud." The suspects allegedly stole millions from French victims and laundered the proceeds first via banks in Europe and then through China and to Israel.

See Also: Strengthening Microsoft 365 with Human-centric Security

Also known as business email compromise, CEO fraud involves criminals impersonating senior executives to trick victims into transferring them money. This type of social engineering attack can be both simple and highly lucrative.

The largest single attack that's been publicly ascribed to the targeted crime group netted scammers $40 million over just a few days in late December 2021.

The EU's law enforcement intelligence network, Europol, says that to target this victim, a Paris-based real estate developer, attackers used a slightly more sophisticated setup than the average BEC scheme.

Instead of impersonating a senior executive, attackers pretended to be lawyers who worked for a well-known French accounting firm and convinced the real estate firm's chief financial officer to make multiple, confidential transfers over the course of several days as a matter of urgency.

When the real estate firm filed a complaint in January 2022, police matched it with a complaint about a different BEC attack that also occurred in December 2021. In that case, a metallurgical firm located in northeastern France reported that its accountant had been tricked into sending "an urgent and confidential transfer" worth $320,000 to a Hungarian bank account, believing he was acting under instructions from the company's CEO, Europol says. The ruse was discovered several days later, when the accountant attempted to send another $530,000.

Investigators found that the phone call from the alleged CEO had originated in Israel, and after the two scams were linked, investigators began to trace "accomplices, modi operandi and funds," Europol reports.

Officials say the investigation, which ran from January 2022 until last month, grew to involve law enforcement and anti-money laundering officials across six countries:

  • Israel: Police arrested the group's alleged mastermind, as well as another suspect.
  • France: Six suspects were arrested.
  • Croatia: Authorities helped identify the real identities of money mules used by the gang and also blocked or froze $640,000 in stolen funds.
  • Portugal: $3.2 million was seized from bank accounts.
  • Hungary: Authorities interrogated 16 suspects - two remain under investigation - and traced $7 million in laundered funds, recovering $1 million.
  • Spain: $425,000 was seized from bank accounts.

During the investigation, authorities say they also seized electronic equipment, vehicles and virtual currencies worth $372,000 over five separate action days, which involved coordinated searches and arrests across France and Israel.

Billions Lost to BEC

Despite this takedown, business email compromise attacks continue to rage.

The FBI says, based on reports to its Internet Crime Complaint Center, BEC attacks account for the greatest aggregate losses of any type of internet-enabled crime. From June 2016 through December 2021, the bureau says known domestic and international losses due to BEC totaled $43.3 billion.

Law enforcement officials continue to urge victims to report all types of online crime, to help investigators better track and potentially disrupt criminals. In the case of BEC fraud in particular, swift action may aid asset recovery.

Since 2018, the FBI's Recovery Asset Team has been the interface between victims and financial institutions to help recover funds transferred by U.S. fraud victims to domestic bank accounts. Last year, the bureau reported that out of $444 million in lost funds reported to IC3, the recovery team had been able to successfully freeze $328 million. The FBI says fast reporting is essential for freezing funds before they get cashed out or transferred abroad.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.