Italian football club Lazio fell victim to a sophisticated email scam and transferred two million euros to a bank account owned by cyber criminals, believing it to be the final payment for Dutch defender Stefan de Vrij, who joined Lazio on a long-term contract in 2014 from Dutch club Feyenoord.
Even though four years have passed since de Vrij signed for Lazio, the club believed it still owed Feyenoord two million euros and paid the sum promptly after it received an email from Feyenoord representatives demanding the payment.
However, it later turned out that Lazio had, in fact, fallen for a well-planned email scam after Feyenoord representatives denied receiving the money. According to Italian newspaper Il Tempo, suspected hackers sent an email to Lazio and made the email appear as if it was sent by the Dutch club.
The email carried a Feyenoord logo and the bank details to which Lazio was supposed to transfer the two million euros. After Lazio realised that it had been phished, an investigation was initiated and the prosecutor confirmed that the bank account to which Lazio transferred the money was located in the Netherlands and did not belong to Feyenoord.
It is unclear whether the cyber criminals behind the operation have been traced or what happened to the two million euros that were transferred by Lazio. In any case, de Vrij is slated to join another club at the end of the season as a free agent, so Lazio will not be able to recover the sum. As of now, Manchester City, Manchester United, Inter Milan, and Liverpool are reportedly interested in signing de Vrij once he becomes available.
Back in 2016, Scottish football fans were targeted with phishing emails claiming to be from the Scottish Football Association (SFA), demanding money for tickets. The emails demanded up to £170 each from SFA subscribers and were sent from firstname.lastname@example.org.
According to the SFA, hackers had obtained email addresses and other personal details of football fans after they breached a third-party database.
"This high profile own-goal is a clear warning for all businesses to be prepared for email fraud. Attacks are becoming more sophisticated and scam emails look very professional, increasingly indistinguishable by the naked eye. Cyber-gangs can easily trick employees by registering lookalike domains or using homoglyph characters that look visibly the same," said Hiwot Mendahun, cybersecurity analyst at Mimecast.
"Organisations also need to carefully review how they analyse attachments coming in via email. Deep-file inspection, sandbox analysis and conversion to safe formats are ideal defence techniques. It’s also always best to double check payment details with a phone call," she added.
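As an added illustration (not part of the original article or of any vendor's product), the Python sketch below shows how a mail gateway or finance workflow could flag the lookalike and homoglyph sender domains mentioned above before a payment request is acted on. The `.example` domains, the small confusables table and the distance threshold are assumptions made for the example.

```python
import unicodedata

# Constructed allowlist: placeholder domains of counterparties already on file.
TRUSTED = {"feyenoord.example", "sslazio.example"}

# Tiny illustrative homoglyph table (assumption); production checks should use
# the full Unicode confusables data. Keys are Cyrillic look-alikes plus digits.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
               "\u0501": "d", "0": "o", "1": "l"}

def skeleton(domain):
    """Fold a domain so that visually similar spellings compare equal."""
    try:
        domain = domain.encode("ascii").decode("idna")  # expand xn-- labels
    except UnicodeError:
        pass  # already Unicode, or not valid punycode: fold it as given
    text = unicodedata.normalize("NFKC", domain).lower()
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    return text.replace("rn", "m")  # "rn" reads as "m" in many fonts

def edit_distance(a, b):
    """Levenshtein distance, to catch dropped, added or substituted letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender_domain, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted domain it matches or imitates, or None)."""
    raw = sender_domain.strip().rstrip(".").lower()
    if raw in trusted:
        return ("trusted", raw)
    folded = skeleton(raw)
    for good in sorted(trusted):          # exact visual match first
        if folded == skeleton(good):
            return ("homoglyph", good)
    for good in sorted(trusted):          # then close misspellings
        if edit_distance(folded, skeleton(good)) <= max_distance:
            return ("near-miss", good)
    return ("unknown", None)
```

A "homoglyph" or "near-miss" verdict on a message that carries bank details is a reason to hold the payment and confirm the account by phone using a number already on file.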