An unidentified American company was defrauded of nearly $100 million by individuals who created a fake email address in order to pose as one of its legitimate vendors, and transferred the proceeds to at least 20 bank accounts around across the globe, including in Estonia.
The details of the scheme came to light as the US government filed a civil forfeiture lawsuit in a Manhattan federal court seeking to recover approximately $25 million in proceeds derived from the fraud held in at least 20 bank accounts around the world, reported international news agency Reuters, citing US authorities. Nearly $74 million had already been recovered and returned to the American company.
The complaint filed on Thursday “...appears to be one of the largest email scams that I’ve seen,” stated Tom Brown, a former Manhattan federal prosecutor who is now managing director at Berkeley Research Group’s cybersecurity practice.
According to the lawsuit, the perpetrators carried out the scam by creating fake email addresses resembling that of one of the company’s legitimate vendors in Asia. US authorities reported that the scam was run from August to September of last year and was identified only after a Cyprus-based bank identified a number of suspicious transfers.
The lawsuit detailed how the fraud led the American firm to send $98.9 million intended for the legitimate vendor to an account at Eurobank Cyprus Ltd. instead, who discovered the fraud. Eurobank, which did not respond to an email from Reuters seeking comment, had restrained nearly $74 million of the funds on its own initiative in September.
The remaining $25 million was laundered through other bank accounts in locations including Cyprus, Hungary, Estonia, Latvia, Lithuania, Slovakia, and Hong Kong, authorities said.
Editor: Editor: Aili Sarapik