Europol has successfully dismantled a Franco-Israeli ‘CEO fraud’ group that employed business email compromise (BEC) attacks to divert payments from organizations to bank accounts under the threat actor’s control. The group managed to pilfer €38,000,000 ($40.3M) from a single company within a couple of days, quickly moving the money across Europe and China and eventually cashing out in Israel. The investigation that led to the dismantling of the criminal network was a joint operation between Europol and French, Croatian, Hungarian, Portuguese, and Spanish police forces. The law enforcement authorities performed eight house searches, seized electronic equipment and cars, and froze bank accounts holding a total of €5,100,000 and another €350,000 in digital assets.

The police arrested eight suspects (six in France and two in Israel), French and Israeli nationals, including the group leader who was based in Israel. The law enforcement operation unfolded gradually over five days between January 2022 and January 2023. The fraudsters impersonated CEOs when approaching employees in the target organizations’ financial departments and tricked them into making payments to bank accounts under the scammers’ control.

BEC scams & their typical execution of CEO fraud

BEC scams typically rely on compromising the email accounts of the target organization to silently monitor communications and identify opportunities, such as a pending payment to a contractor. When the right time comes, the fraudsters send an email from the compromised account and ask the accounting department to make a last-minute change to the receiving bank account details. Alternatively, scammers may impersonate a contractor and request a payment out of the blue, or impersonate the CEO to instruct the accountants to make an urgent transfer.

In December 2021, in a case of CEO fraud, the attackers impersonated the CEO of a large French metallurgical company to divert €300,000 to a bank account in Hungary. A few days later, the scammers attempted to steal another €500,000, but the transfer was stopped when the victim realized the fraud and reported it to the police. In a subsequent case, the scammers targeted a real estate developer in Paris, impersonating lawyers who supposedly worked for a renowned accounting company in the country.

Europol’s success in dismantling the criminal network

Investigators from multiple European countries connected the two cases with the help of Europol and uncovered the entire money laundering network used by the criminals in January 2022, when the first actions to take down the crime ring started. The police authorities acted quickly, and the operation unfolded gradually over five days. They performed eight house searches and seized electronic equipment and cars, freezing bank accounts holding a total of €5,100,000 and another €350,000 in digital assets.

Moreover, the police arrested eight suspects (six in France and two in Israel), French and Israeli nationals, including the group leader, who was based in Israel. The dismantling of this criminal network was a joint operation between Europol and French, Croatian, Hungarian, Portuguese, and Spanish police forces, demonstrating the power of international cooperation in law enforcement.

Lessons learned

This successful operation is a reminder that BEC scams remain prevalent and highly damaging. It is important to raise awareness among employees, especially those working in the financial departments of companies, about these types of attacks. Companies should also implement strict security protocols and invest in employee training to avoid falling victim to these types of attacks. It is crucial to verify any requests to transfer funds, especially if they come from an unexpected source or if they are sudden and urgent.
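
The request patterns described above (an executive's name on an outside address, an urgent transfer, a last-minute change of bank details) can be screened for before a payment is released. The following is an added example, not part of the original article; the company domain, executive name, keyword lists and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with your own directory data.
COMPANY_DOMAIN = "example-metals.test"
EXECUTIVES = {"claire dupont"}  # display names that should only appear on internal mail
URGENCY = re.compile(r"\b(urgent|immediately|today|confidential|last[- ]minute)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|iban|bank (account|details))\b", re.I)
CHANGE = re.compile(r"\b(new|updated?|changed?)\b.{0,40}\b(iban|bank (account|details))\b", re.I)

# Constructed sample messages (not real traffic).
SPOOFED_CEO = ("From: Claire Dupont <claire.dupont@example-meta1s.test>\n"
               "Reply-To: cd.office@mailbox.test\n"
               "Subject: Urgent transfer\n\n"
               "Please wire the funds today. Keep this confidential.\n")
VENDOR_CHANGE = ("From: Accounts <billing@supplier.test>\n"
                 "Subject: Invoice 1042\n\n"
                 "Please note our new bank details for this invoice.\n")
BENIGN = ("From: Claire Dupont <claire.dupont@example-metals.test>\n"
          "Subject: Q3 planning\n\n"
          "Agenda attached for Thursday.\n")

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_flags(raw):
    """Return the BEC indicators found in one plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = []
    if name.strip().lower() in EXECUTIVES and domain(from_addr) != COMPANY_DOMAIN:
        flags.append("exec-name-external-sender")
    if reply_addr and domain(reply_addr) != domain(from_addr):
        flags.append("reply-to-domain-mismatch")
    if PAYMENT.search(text) and URGENCY.search(text):
        flags.append("urgent-payment-request")
    if CHANGE.search(text):
        flags.append("bank-detail-change")
    return flags

def needs_callback(raw):
    """Hold the payment for out-of-band verification if any indicator fires."""
    return bool(bec_flags(raw))
```

A message sent from a genuinely compromised internal mailbox passes the sender checks, so the payment and bank-detail indicators should still trigger a call-back to a number already on file.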