Orion SA, a global supplier of carbon black (a solid form of carbon), revealed it was the victim of a sophisticated scam and ended up transferring $60 million to accounts belonging to the scammers.
The company confirmed the fiasco in an 8-K filing with the U.S. Securities and Exchange Commission (SEC) on August 10.
In the document, the company stated that an employee (who was not a member of senior management) was targeted by the criminals: “On August 10, 2024, Orion SA determined that an employee of the Company, who is not a named executive officer, was the target of a criminal scheme that resulted in multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.”
Insurance coverage
Orion did not share any other details about the attack, but since it involved multiple bank transfers initiated by one employee, it is safe to assume it was a business email compromise (BEC) attack.
In a BEC attack, the threat actor either gains access to an email account belonging to an executive or impersonates one, for instance through a lookalike address that differs from the real one by a typo.
After that, they contact an employee who has access to the company’s funds and try to trick them into making a payment. Sometimes they claim that the company is buying from a competitor and that the entire process has to be handled quickly and discreetly, so as not to attract the attention of the media or other companies, as that could jeopardize the deal. In some cases, the criminals even call the victim on the phone to push them to complete the transfer faster.
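A defender-side check for the impersonation pattern described above, written here as an added example (not from the article, TechCrunch or Orion): it inspects a message's From, Reply-To and body for a display name that matches an executive while the address does not, a sender domain within two edits of the corporate domain, a diverging Reply-To, and the urgency or secrecy wording of the "discreet deal" pretext. The corporate domain, executive entry and sample message are constructed placeholders.

```python
import re
from email.parser import Parser
from email.utils import parseaddr

# Constructed placeholder values for this example, not Orion's real data:
# the legitimate corporate domain and the only address each executive uses.
CORPORATE_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typo-squatted sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_sender(raw_message: str) -> list[str]:
    """Return the BEC warning signs found in one RFC 822 message."""
    msg = Parser().parsestr(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []
    # 1. Display name of a known executive, but not their real address.
    expected = EXECUTIVES.get(display.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(f"display name '{display}' but address {addr}")
    # 2. Sender domain is a near-miss (typo) of the corporate domain.
    if domain and domain != CORPORATE_DOMAIN and edit_distance(domain, CORPORATE_DOMAIN) <= 2:
        findings.append(f"lookalike domain {domain}")
    # 3. Reply-To differs from From, so replies go somewhere else.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.lower() != addr.lower():
        findings.append(f"Reply-To {reply} differs from From {addr}")
    # 4. Urgency/secrecy language typical of the payment pretext.
    body = msg.get_payload() if not msg.is_multipart() else ""
    if re.search(r"\b(urgent|confidential|discreet|wire)\b", body, re.I):
        findings.append("urgency or secrecy wording in body")
    return findings

# Constructed sample: "rn" in the domain imitates "m" in the real one.
SAMPLE = """From: Jane Doe <jane.doe@exarnple-corp.com>
Reply-To: ceo.private@mail-example.test
To: payments@example-corp.com
Subject: Confidential acquisition

Please wire the deposit today and keep this discreet.
"""

if __name__ == "__main__":
    for finding in assess_sender(SAMPLE):
        print("WARN:", finding)
```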
BEC attacks work exceptionally well, especially in large organizations where many employees have never met their senior executives and don’t know how they talk or behave. In fact, some reports claim that BEC is one of the most devastating forms of cybercrime, along with ransomware.
Orion said it investigated the matter thoroughly and found no other fraudulent activity or theft of sensitive company data. It stressed that authorities have been notified and it will seek to recover the funds, “including any insurance coverage that may be available.”
Via TechCrunch