Earlier in August, Leoni AG, one of the world’s largest cable manufacturers, publicly confessed that it had fallen victim to a classic CEO Fraud attack that cost the company a whopping 44 million dollars. Following two weeks of intensive investigations, new details surfaced: the thieves turned out to have used sophisticated social engineering tactics combined with email spoofing.

The attackers crafted emails to appear like legitimate payment requests from the head office in Germany and sent them to a subsidiary of Leoni in Bistrita, Romania.

CEO Fraud targeted Leoni’s Romanian headquarters

According to authorities, a young woman working as CFO at Leoni’s Bistrita factory was the target of the scam. She received an email spoofed to look like it came from one of the company’s top German executives, and then proceeded to pay out $44 million.

According to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT), the scammers had extensive knowledge of the internal procedures for approving and processing transfers at Leoni. That means the network had been penetrated earlier, most likely through phishing emails, and the bad guys had been doing recon for months.

Read more: KnowBe4