Orion SA says scammers conned company out of $60 million

Incident sounds like a BEC fraud targeting an unwitting staffer


Luxembourg-based chemicals and manufacturing giant Orion SA is telling US regulators that it will lose out on around $60 million after it was targeted by a criminal wire fraud scheme.

The description of the incident taken from the company's Form 8-K filing with the US Securities and Exchange Commission (SEC) suggests that it may have been a business email compromise (BEC) scheme, although the term isn't used explicitly.

"On August 10, 2024, Orion SA determined that a Company employee, who is not a named executive officer, was the target of a criminal scheme that resulted in multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties," the filing reads. 

"As a result of this incident, and if no further recoveries of transferred funds occur, the company expects to record a one-time pre-tax charge of approximately $60 million for the unrecovered fraudulent wire transfers."

The Form 8-K also explicitly noted that there was no break-in into its systems, nor has any of its data been compromised.

BEC scams make for a nasty business. The Feds themselves said earlier this year that they're even more lucrative than ransomware, incurring adjusted losses of $2.9 billion in 2023 alone.

It's a form of phishing that typically involves spoofing a trusted email address, such as a business' supplier with which the accounting department, for example, regularly authorizes sizable money transfers.

Usually, the email address is well-concealed – perhaps just a single character is amiss. The scammers often also carry out thorough research of both the target and their supplier, learning how and when they communicate to make the deception even more convincing.

For example, one Massachusetts trade union was targeted in such a way in January 2023. The scammers tricked one union staffer into sending millions of dollars to their bank accounts after spoofing a supplier and mentioning previously discussed transactions from genuine emails between the target and real supplier.

Orion obviously won't be happy about potentially losing the $60 million for good, but it's far from a threatening loss for a company that recently upgraded its 2024 outlook in its half-year results.

It beefed up the estimates for net sales by a pretty sizeable amount. It initially set the range to be between $1.46 billion and $1.54 billion – it's now forecast to be between $1.57 billion and $1.61 billion. Operating profit estimates also rose to a figure somewhere between $382.3 million and $415 million, compared to between $305.8 million and $338.5 million in the prior period.

Orion said law enforcement was made aware of the incident and that it intends to pull every lever within reach to recover the lost funds, including potentially available insurance coverage. 

"To date, the Company has not found any evidence of additional fraudulent activity and currently does not believe the incident resulted in any unauthorized access to data or systems maintained by the Company," the filing went on to say. 

"However, the Company's investigation into the incident and its impacts on the Company, including its internal controls, remains ongoing. The business and operations were not affected."

The Register asked for more information. Orion told us: "Amid the ongoing investigation, we are not providing details beyond what is included in our 8-K filing." ®
