Orion, a prominent chemical manufacturing company, recently revealed that it fell victim to a devastating Business Email Compromise (BEC) scam, resulting in a loss of $60 million.

According to a filing with the US Securities and Exchange Commission (SEC), a non-executive employee at the Luxembourg-based firm was deceived into transferring the funds to third-party accounts.

“On August 10, 2024, Orion S.A. determined that a Company employee, who is not a Named Executive Officer, was the target of a criminal scheme that resulted in multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties,” Orion stated in the filing dated August 12.

While specific details about the BEC attack were not disclosed, Orion is actively collaborating with law enforcement to recover the funds through all available legal means, including potential insurance coverage.

Fortunately, there is no evidence of further fraudulent activity or unauthorized access to the company’s systems or data by the attackers.

BEC Attacks on the Rise

BEC attacks involve fraudsters contacting employees, often posing as senior executives, to request transfers of significant sums to external accounts. According to the FBI’s Internet Crime Report 2023, these attacks cost US businesses $2.9 billion in 2023, marking it as one of the most financially damaging cybercrimes.

In fact, a report from insurance firm Coalition revealed that BEC and funds transfer fraud (FTF) were the top two events leading to cybersecurity insurance claims in 2023.

Advancements in technology, such as deepfake and generative AI tools, have made BEC attacks even more sophisticated. Fraudsters can now convincingly impersonate senior business leaders through voice deepfakes and create authentic-looking fake emails to deceive employees.

Law enforcement agencies have made progress in recovering stolen funds from BEC scams. Just recently, authorities managed to recover almost all of the $42.3 million stolen from a Singaporean commodity firm after scammers posed as a legitimate supplier.

As cybercriminals continue to exploit vulnerabilities within organizations, awareness and vigilance are key in combatting BEC attacks and safeguarding against financial losses.