www.standaard.be

Belgian bank lost 70 million euros in fraud case, probably through social engineering ("ceo e-mail scam") The Belgian bank Crelan made headlines yesterday because they lost up to 70 million euros ($76M) due to fraud. The Belgian press is now reporting that the bank probably fell victim to the "ceo e-mail scam" (http://krebsonsecurity.com/tag/ceo-scam/), which would make it one of, if not the largest known cases of this particular scam. So, nothing computer related but plain old social engineering. An article in Dutch, which I've (roughly) translated below: http://www.standaard.be/cnt/dmf20160120_02079337 **Did e-mail from "the boss" lure Crelan into fraud trap?** The bank Crelan has been the victim of serious fraud, the kind of which it warns against itself. The advice "never wire money based on an e-mail" was probably ignored at Crelan, writes "Het Nieuwsblad". There's no bank who doesn't urge their customers to be particularly careful with e-mails that ask to suddenly wire significant amounts of money or to divulge personal information. Because it could be fraudsters at work, trying to empty your bank account. Phishing, it's called. It's this exact method that Crelan probably fell victim to themselves. On a higher level, because of which the bank and insurer may have lost about 70 million euros. The bank communicated this themselves on Tuesday in a press release. How do fraudsters work? Sources close the investigation tell us the bank has become the victim of ceo fraud, where scammers pose - by e-mail - as one of the top bosses of a company to steal large sums of money. To achieve this, the fraudsters first try to map the structure of the company they want to defraud. Then they hack into e-mail and impersonate one of the big bosses. In the e-mail, fraudsters posing as the CEO or another figure in power ask a financial worker to wire a certain amount. They say the payment must be done in the deepest confidence, for instance because the company is allegedly