Football club Lazio loses €2 million by falling foul of phishing scam
The Italian team sent an outstanding transfer bill to a fraudster's bank account
Italian football club Lazio has reportedly been scammed out of 2 million by email fraudsters claiming to be a team negotiating the transfer of a player.
The Serie A team was duped into releasing funds after it received an official looking email from what appeared to be representatives from Dutch club Feyenoord, demanding a final payment for the transfer of a player in 2014.
Fraudsters with knowledge of the deal, which saw defender Stefan de Vrij transfer to Lazio from Feyenoord, were able to trick Lazio's accountants into sending the outstanding balance of 2 million (1.75m) to their own bank account, according to Italian newspaper Il Tempo.
Feyenoord claims it had no knowledge of any such communication, and that it never received the funds. According to prosecutors speaking to the newspaper, the money has been tracked down to a Dutch account, but it isn't owned by Feyenoord.
IT Pro has contacted Lazio for comment.
Hackers are frequently falling back on phishing as a means to scam users out of their cash, as fears around the spread of ransomware and DDoS attacks have led to increased spending on website security, making it harder to hack into a site.
It's also another example of how lucrative phishing scams can be, particularly when fraudsters have knowledge of high profile deals, or those involving large transfers.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
London art dealers were defrauded out of hundreds of thousands of pounds when an email scamming campaign emerged in November last year. In that case, fraudsters were able to intercept PDF invoices after hacking into the email accounts of clients, replacing the bank details with their own to divert cash.
The scam against Lazio is a "classic case" of email phishing involving a compromised business deal, according to Barry Shteiman, director of threat research at Exabeam.
"Using social engineering, hackers convince employees to wire money to their accounts without the employee knowing this request did not come from within their company. Low tech, but high yield!" he said.
Image: Shutterstock
Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.