Carbon black supplier Orion loses $60 million in business email compromise scam
About $60 million was stolen from one of the leading suppliers of carbon products after an employee was tricked into making several wire transfers to cybercriminals.
The funds were stolen from Orion, a Luxembourg-based company that produces carbon black, a material used to make tires, ink, batteries, plastics and more.
A spokesperson declined to explain the situation in detail but the company filed documents with the Securities and Exchange Commission (SEC) about the incident, which it discovered on Saturday.
A non-executive employee “was the target of a criminal scheme that resulted in multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties,” they wrote.
“As a result of this incident, and if no further recoveries of transferred funds occur, the Company expects to record a one-time pre-tax charge of approximately $60 million for the unrecovered fraudulent wire transfers.”
There is now a law enforcement investigation into the theft and the company said it plans to “pursue recovery of these funds through all legally available means, including potentially available insurance coverage.”
Law enforcement agencies like the FBI have long warned businesses of cybercriminals specifically targeting employees with access to an organization’s funds, often impersonating other executives in order to convince financial departments to approve transfers.
Typically referred to as business email compromise (BEC), the schemes can take a number of forms but often involve impersonation or other tricks to send company funds to bank accounts owned by attackers.
In 2023, the FBI said BEC fraud was the second most damaging type of internet crime, accounting for $2.9 billion in losses. In some instances, vendor email accounts are compromised while others involve phishing emails used to steal the login information of people who have access to company funds.
Scammers “are increasingly using custodial accounts held at financial institutions for cryptocurrency exchanges or third-party payment processors, or having targeted individuals send funds directly to these platforms where funds are quickly dispersed,” the FBI said last year.
Police agencies have had some success in recent years in clawing back stolen funds and arresting the people behind the scams, but FBI data shows that more than $43 billion was lost through business email compromise and email account compromise scams between 2016 and 2022.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.