CYPRUS-based Eurobank has identified a huge email scam, saving a US company $74m (€65m), it emerged on Friday.
The fraud caused the American firm to send $98.9m meant for one of its vendors to an account at Eurobank Cyprus Ltd, which discovered the fraud.
The details of the scheme emerged as the US government filed a civil forfeiture lawsuit in a federal court in Manhattan seeking to recover about $25m in proceeds derived from the fraud held in at least 20 bank accounts around the world.
Nearly $74m has been recovered and returned to the American company, authorities said.
The complaint filed on Thursday “appears to be the largest email scam that I’ve seen,” said Tom Brown, a former Manhattan federal prosecutor who is now managing director of Berkeley Research Group’s cyber security practice.
The scheme at issue in Thursday’s lawsuit took place from August to September 2015, and was identified after the Cyprus-based bank detected suspicious transfers, authorities said.
According to the lawsuit, the perpetrators carried out the scam by creating a fake email address that resembled that of one of the company’s vendors in Asia.
The perpetrators then posed as a vendor while communicating with a professional services company that was hired to handle the details and logistics of vendor payments for the American corporation, the lawsuit said.
Eurobank, on its own initiative in September, restrained nearly $74m of the funds.
The remaining $25m was laundered through other accounts in locations including Cyprus, Latvia, Hungary, Estonia, Lithuania, Slovakia and Hong Kong, authorities said.
Foreign governments, at the request of US authorities, have restrained 20 accounts worldwide that received portions of the remaining stolen funds, which are now the subject of the lawsuit, authorities said.
The case appeared to be the latest, and one of the largest, examples of a “business email compromise,” a growing type of cyber scam in which fraudsters target businesses that work with foreign suppliers or regularly perform wire transfers.
The FBI said in an alert issued to companies last week that businesses had suffered $2.3bn globally in losses from email wire-transfer scams from October 2013 to February of this year.