German electrical cable maker Leoni falls victim to BEC scam

Aug 31, 2016 21:35 GMT  ·  By

Leoni AG, Europe's biggest manufacturer of wires and electrical cables and the fourth-largest vendor in the world, has announced it lost €40 million ($44.6 million) following an online scam that tricked one of its financial officers into transferring funds to the wrong bank account.

The incident took place on Friday, August 12, and the company announced it publicly on August 16, when its shares dropped between 5 and 7 percent in the stock market following the news.

Back in August, Leoni officials were scarce in details, only saying they launched an investigation into the matter, also reassuring investors that the company's liquidity situation had not been affected by the sudden disappearance of €40 million from its bank accounts.

BEC scam targeted Leoni's Romanian headquarters

New details are now surfacing about the incident in the Romanian press, who revealed yesterday that the scam took place at Leoni's factory in the city of Bistrita, in northern Romania.

Leoni's Romanian staff filed a complaint with local police, and because of the huge sum of money lost in the incident, the case reached Romania's top investigations division DIICOT (Directorate for Investigating Organized Crime and Terrorism).

According to authorities, a young woman working as CFO at Leoni's Bistrita factory was the target of the scam, when she received an email spoofed to look like it came from one of the company's top German executives.

Attackers scouted Leoni in advance

Investigators say the email was crafted in such a way to take into account Leoni's internal procedures for approving and transferring funds. This detail shows that attackers scouted the firm in advance.

The Bistrita factory was not chosen at random either. Leoni has four factories in Romania, and the Bistrita branch is the only one authorized to make money transfers.

Leoni, who has over 75,000 employees in 32 countries around the globe, will be celebrating its centennial next year. The company's main business is to provide wiring and electrical cables for the automotive industry, with its biggest customers being BMW, Mercedes, and Rolls Royce. The Bistrita branch is manufacturing wiring and electrical cables for the Mercedes Benz E-Klasse.

Leoni incident was a classic BEC fraud

The attack Leoni suffered is known under different names, such as a whaling attack, a BEC (Business Email Compromise), or CEO fraud.

In June 2016, the FBI's Internet Crime Complaint Center (IC3) said that BECs (Business Email Compromise) had defrauded companies around the world of over $3 billion since October 2013.

According to unconfirmed information, the money stolen from Leoni's Bistrita branch ended up in bank accounts in the Czech Republic.