Advertisement

If you have an ACS member number, please enter it here so we can link this account to your membership. (optional)

ACS values your privacy. By submitting your information, you are gaining access to C&EN and subscribing to our weekly newsletter. We use the information you provide to make your reading experience better, and we will never sell your data to third party members.

ENJOY UNLIMITED ACCES TO C&EN

Finance

Fraudsters dupe chemical maker Orion out of $60 million

Experts say the breach looks like a business email compromise attack

by Alexander H. Tullo
August 22, 2024 | A version of this story appeared in Volume 102, Issue 26

 

A fishing hook catches an at symbol.
Credit: Shutterstock

The carbon black maker Orion has been scammed out of $60 million in a wire transfer fraud scheme.

The company rooted out the fraud earlier this month, it disclosed in a filing with the US Securities and Exchange Commission. An employee, the filing says, “was the target of a criminal scheme that resulted in multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.”

Orion adds that it will record a pretax charge of $60 million if it can’t recover more of its misappropriated funds. Such a loss would be significant for Orion. In 2023, the company earned just over $100 million in profits on $1.9 billion in sales.

The company is cooperating with law enforcement and declines to comment further about the breach because of the ongoing investigation. But the scam bears the hallmarks of a business email compromise (BEC) attack, according to Selena Larson, a threat researcher at the cybersecurity consulting firm Proofpoint.

“It is common for a threat actor to pose as someone in a position of leadership—like a [chief financial officer], for example—to request large transfers of money,” Larson says in an email. “Part of the BEC scam is due to social engineering—fraudsters are very good at convincing someone that they are an important person, and their request is legitimate. In a way, it’s hacking someone’s brain, convincing them to make a bad decision when they otherwise wouldn’t, using language that implies urgency or danger.”

And the scams are lucrative. The US Federal Bureau of Investigation says it received 21,489 BEC complaints last year, representing total losses of more than $2.9 billion.

Advertisement

Article:

This article has been sent to the following recipient:

0 /1 FREE ARTICLES LEFT THIS MONTH Remaining
Chemistry matters. Join us to get the news you need.