menu Home
News

Two Municipalities Scammed out of €600,000 through CEO Fraud: What is it?

BayRadio | March 21, 2023
Fraud

Police have arrested six individuals for allegedly defrauding two municipalities in Mallorca and Catalonia using the so-called “CEO fraud.” A 20-year-old man was the mastermind of the scheme, which netted over €600,000 by digitally impersonating a cleaning company. This is the second such scam to be uncovered in two weeks. The National Police arrested him in shorts and flip-flops, considering him the leader of a criminal organization capable of swindling two municipalities out of €600,000. He allegedly did this by impersonating not just the identity, but the bank accounts, of a cleaning company. It was a scam that required nothing more than a mobile phone and his home. This is known as the “CEO fraud.”

The investigation began with a complaint from the Palma City Council in Mallorca in late April 2022. Their financial department had transferred more than €300,000 as payment for services to the maintenance and cleaning company they had hired. However, the company claimed that they had not received payment. Where was the money?

Just before the payment, the Balearic Islands City Council received an email from the service company notifying them of a change in the bank account number. This is where the €300,000 had been sent, but that account did not belong to the company. They had fallen victim to the so-called “CEO fraud.” The “CEO fraud” is a scam also known as Business Email Compromise (BEC), and like many classic scams, it works in a deceptively simple way. A third party, the swindler, known as the “man in the middle,” interferes with email exchanges between two companies or corporations that have business or service relationships.

The swindler impersonates one of the companies and sends a false email, mimicking the logos and style of the original emails, informing the payer of a change in bank account where payments should be made. If the paying company does not directly confirm the account number change with the other party, they will make payments to a checking account controlled by the fraudster from that moment on. As a result, the money never reaches its rightful recipient.

To do this, the mastermind uses a new criminal figure named after the practices of drug trafficking: “bank mules.” These are people who agree to open bank accounts in their name to divert the stolen cash in exchange for a small monetary compensation.

In this case, the National Police arrested five “bank mules” whom the scam leader had contacted through social media. He offered them a paltry sum of around €50 to open these checking accounts, which he managed himself in reality. In some cases, he didn’t even pay them that €50. Although the victims in this case were the City Councils of Palma in Mallorca and a small town in Girona, the investigation was carried out by specialized agents of the Economic and Fiscal Crime Unit (UDEF) of the Madrid Police Judicial Brigade because the clues shows they entered the home of the alleged fraudster at the end of February and seized three mobile phones with which he supposedly established contacts through social networks with those who would act as “mules” and interfered with the email accounts of his potential victims.

During the search, the suspect, a 20-year-old Spanish national, was arrested. Through the analysis of bank accounts, the agents were able to detect another alleged scam against a Catalan city council for 314,000 euros. The total loot would amount to 614,000 euros. Two weeks ago, the National Police already arrested 64 people in another operation, called Bongo, against a network that had defrauded businessmen of more than 4,000,000 euros with the same method. The agents managed to block another 600,000 euros before they reached the fraudulent accounts. The banking “mules” received two percent of the transaction as payment.

In this case, the “mules” and the ringleaders were arrested in Spain, although the headquarters of the criminal organization was in Nigeria. From the African country, intrusions into corporate email accounts were made, and that is where the money finally ended up.

Written by BayRadio


  • Listen Live

     

  • Download BayRadio APP