Now, after two weeks of investigation, it has been found out that the attackers simply spoofed emails to appear like official payment requests, a method known as “a whaling attack, CEO fraud or business email compromise.” They then proceeded to send them to a satellite at the Leoni factory in Bistrita, northern Romania, where about 6,000 people work. It is said to have been made to a bank in the Czech Republic, although investigators have not yet identified the scammers. The fraudulent messages were then received and handled by one of the company’s financial officers, who believed it to be an email from one of the company’s top executives in Germany and later proceeded to honour all the invoices, paying out $44 million in the process. Even large payments were often made this way, as the system was considered extremely safe, reported the employees. According to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT), the scammers had widespread knowledge about the internal procedures for approving and processing transfers at Leoni. The target was carefully chosen by the attackers as this factory alone had the authority to transfer money. Leoni has four factories in Romania. As the branch frequently received such requests from high-ranking executives from Germany, this made the attack less suspicious. Leoni is the second company to fall for such a classic email scam this year. Earlier in 2016, toy manufacturer Mattel came close to losing $3 million in a phishing campaign. In June 2016, the FBI’s Internet Crime Complaint Center (IC3) said that BECs since October 2013 had defrauded companies around the world of over $3 billion.
