PINDROP BLOG

CEO Phishing Scam Costs Belgian Bank Crelan $75M

The venerable phishing scam has been trying on some new clothes as of late, and quite often those outfits are costing victims dearly. The latest and perhaps most expensive of these is the version of the executive email scheme that hit a Belgian bank recently and cost the firm more than $75 million.

This particular scheme, which also is known as business email compromise, often is used against smaller businesses and can take a wide variety of forms. It can be an email that looks like it comes from a trusted partner such as a recruiter or accounting firm, or a message supposedly from a supplier demanding payment for some past due invoice. But the most pernicious and apparently effective version is the email that purports to come from the CEO, CFO, or other top executive at a given company.

These messages often will be marked urgent and will go to someone in the target company who has financial authority, say a top finance manager or an accountant. The email will usually have the correct sender’s address and possibly the same signature block the executive actually uses. It will direct the recipient to transfer money immediately to a specific account for an upcoming transaction, such as an acquisition.

This is what hit Crelan Bank in Belgium last week, and the company said that the scheme cost it upwards of $75 million. That figure makes it one of the larger instances of this kind of fraud to emerge at this point.

“The underlying profitability of the bank remains intact,” Crelan CEO Luc Versele said in a statement. 

The details of the incident remain scarce at this point, but Belgian newspaper De Standaard said that Crelan has contacted law enforcement about the scam.

The bank is far from alone in falling victim to this scheme. An Austrian manufacturing company called FACC was hit with a similar kind of fraud, losing approximately €50 million in the process.

Webinar: TACKLING THE 113% FRAUD INCREASE IN CALL CENTERS