Phishing scam: Italian football club tricked into sending out €2m to crooks

Another day, another phishing scam – This time apparently the culprits knew about the club’s ongoing deal.

An Italian football club Lazio has been scammed as the club sent out an outstanding transfer bill of €2 million ($2,460,840) to a fraudster’s bank account. The club was tricked by email fraudsters, who claimed to be representing a team negotiating for the release of funds that the Italian club owed for a player’s transfer.

Serie A team from the Lazio club released funds after receiving an email, which apparently looked legitimate. The email was supposedly sent by representatives of Dutch club Feyenoord. In the email, the sender demanded final payment of a player’s transfer that occurred in 2014. It is clear that the fraudsters knew about the details of this deal. In this deal, defender Stefan de Vrij was transferred to Lazio from Feyenoord.

More: Phishing Scam: Hackers Steal $900,000 from County Office

Italian newspaper II Tempo reports that fraudsters tricked Lazio club’s accountants into releasing the outstanding balance and transfer the money to the bank account they provided details of. However, when inquired, Feyenoord denied any such communication carried out by any of its staff members. Furthermore, the Dutch club clarified that it never even received the funds.

Prosecutors state that the money trail has been tracked and that it has been transferred to a Dutch bank account but it does not belong to Feyenoord.

However, it shows the caliber of cybercriminals and the innovativeness that they have achieved over time as they come up with one unique strategy after another. This particular incident is a clear example of how lucrative phish scams can be. Especially if cybercrooks are aware of such high-profile deals involving large sums of cash transferred through banks.

It is also evident that still phishing emails are the key weapon hackers use to steal useful information and make instant money. Recently London art dealers also became a victim of cyber-fraud and faced losses of hundreds of thousands of pounds. They were targeted with an email scamming campaign in November 2017. Tricksters intercepted PDF invoices after compromising their clients’ email accounts and replaced the clients’ bank details with their own so that cash gets transferred to them.

Lazio’s case is another one in the already widening array of phish scams on high profile businesses and organizations. Threat research director at Exabeam, Barry Shteiman, claims that this incident is a classic case of how email phishing scams can compromise business deals.

“Using social engineering, hackers convince employees to wire money to their accounts without the employee knowing this request did not come from within their company. Low tech, but high yield!” added Shteiman.

More: Phishing Scam: Hackers Steal $11 Million from Canadian University

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.