Lazio falls for email scam, transfers €2mn to hacker’s account
28 March 2018
Italian football club Lazio fell victim to a sophisticated email scam and transferred two million euros to a bank account owned by cyber criminals as the final payment for Dutch defender Stefan de Vrij, who joined Lazio on a long-term contract in 2014 from Dutch club Feyenoord.
Even though four years had passed since de Vrij signed for Lazio, the club believed it still owed Feyenoord two million euros and paid the sum promptly after it received an email, apparently from Feyenoord representatives, demanding that the payment be made.
However, it later turned out that Lazio had, in fact, fallen for a well-planned email scam after Feyenoord representatives denied receiving the money. According to Italian newspaper Il Tempo, suspected hackers sent an email to Lazio and made the email appear as if it was sent by the Dutch club.
The email carried a Feyenoord logo and bank details for the account to which Lazio was supposed to transfer the two million euros. After Lazio realised that it had been phished, an investigation was initiated, and the prosecutor confirmed that the bank account to which Lazio transferred the money was located in the Netherlands and did not belong to Feyenoord.
It is unclear whether the cyber criminals behind the operation have been traced or what happened to the two million euros that Lazio transferred. In any case, de Vrij is slated to join another club at the end of the season as a free agent, so Lazio will not be able to recover the sum. As of now, Manchester City, Manchester United, Inter Milan, and Liverpool are reportedly interested in signing de Vrij once he becomes available.
Back in 2016, Scottish football fans were targeted with phishing emails claiming to be from the Scottish Football Association (SFA), demanding money for tickets. The emails demanded up to £170 each from SFA subscribers and were sent from email@example.com.
According to the SFA, hackers had obtained email addresses and other personal details of football fans after they breached a third-party database.
"This high-profile own-goal is a clear warning for all businesses to be prepared for email fraud. Attacks are becoming more sophisticated and scam emails look very professional, increasingly indistinguishable by the naked eye. Cyber-gangs can easily trick employees by registering lookalike domains or using homoglyph characters that look visibly the same," said Hiwot Mendahun, cybersecurity analyst at Mimecast.
"Organisations also need to carefully review how they analyse attachments coming in via email. Deep-file inspection, sandbox analysis and conversion to safe formats are ideal defence techniques. It’s also always best to double check payment details with a phone call," she added.