Scammers dupe chemical company into wiring $60 million

Orion S.A., a global chemical company with headquarters in Luxembourg, has become a victim of fraud: it lost approximately $60 million through “multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.”

Orion fraud wire transfers

The scammers targeted an employee

Orion S.A. is a manufacturer and supplier of carbon black, a solid form of carbon that’s used for manufacturing many everyday products, such as tires, textiles, and printing ink. “Orion has innovation centers on three continents and produces carbon black at 15 plants worldwide,” the company says.

The 8K report the company filed with the US Securities and Exchange Commission (SEC) on Monday says that the “a Company employee, who is not a Named Executive Officer, was the target” of this criminal scheme and responsible for making the fraudulent wire transfers.

“As a result of this incident, and if no further recoveries of transferred funds occur, the Company expects to record a one-time pre-tax charge of approximately $60 million for the unrecovered fraudulent wire transfers,” Orion S.A. said.

“The Company has cooperated, and will continue to cooperate, with law enforcement as appropriate, and intends to pursue recovery of these funds through all legally available means, including potentially available insurance coverage.”

Was it a BEC attack?

A representative of the company declined to share with Help Net Security any additional details beyond what is included in the 8-K filing.

“To date, the Company has not found any evidence of additional fraudulent activity and currently does not believe the incident resulted in any unauthorized access to data or systems maintained by the Company,” the filing further says.

“However, the Company’s investigation into the incident and its impacts on the Company, including its internal controls, remains ongoing. The business and operations were not affected.”

While Orion’s filing does not outright say that the wire transfers were the result of business email compromise (BEC), the possibility seems most likely. Given the above wording, the compromised email was likely that of a supplier or customer.

(Alternative possibilities, such as a deepfake video conference call paired with social engineering tricks, are possible, but less likely.)

Earlier this month, Interpol has revealed that a global stop-payment mechanism developed by the law enforcement agency has helped Singapore authorities claw back $42.3 millions that a Singaporean commodity firm has lost due to a successful business email compromise scheme.

According to FBI’s 2023 Internet Crime Report, BEC scams are second only to investment scams when it comes to total monetary losses.

But the Recovery Asset Team (RAT) of FBI’s Internet Crime Complaint Center (IC3) often successfully leverages Financial Fraud Kill Chain requests to freeze the bank accounts of fraudulent recipients and recover the wired funds. In 2023, the team had a 71% success rate when it comes to recovering the stolen money.

OPIS OPIS

OPIS

Don't miss