The Housing Fund (Fonds du Logement) was clearly targeted and transferred over €800,000 to a fake account.
As the police are likely still investigating the scam, which was announced on Tuesday, there are no details on this specific case. However, it does appear to be likely that this is a so-called "fake president" fraud, which many companies in Luxembourg have fallen prey to for years.
There are no specific statistics concerning how many companies get affected by the scam. A considerable amount of companies do not even make formal complaints out of fear of appearing stupid and presuming that the money is gone.
The Computer Incident Response Center Luxembourg's Gerard Wagener is well acquainted with the "fake president" scam. As a specialist in cybersecurity, he helps companies that have been scammed. In the last month, he explains, four private firms have reported the scam to the CIRCL.
The fraudsters target specific employees that they believe will be able to carry out their request, such as accounts payable clerks or managers. They also impersonate a group executive, such as a CEO, CFO, or the president, in order to manipulate the victim to transfer the money.
Wagener explains that the attacks can sometimes be quite creative, employing multiple techniques such as viruses, hacking computers, and contacting individuals.
The "fake president" scam is one that appears time and again and fraudsters search within a large net. They then contact the company by phone and say that the company must transfer the money.
The accountant would look at the phone number calling and, as it would appear to be the number for the company that usually receives those transfers, will make the transfer. The accountant would not question whether it is a scam or not, but it would soon emerge that the company never called.
As a result, the scam focuses on a detailed phone fraud, even going as far as replicating the hold music for the firm in question.
Another way that the fraud occurs is via email, in which the fraudster will change the bill, add a different account number, and the accountant will usually transfer to this new account.
Wagener explained that the sender email address is forged to such an extent that the recipient would not notice. As the scam concerns large sums of money, companies are usually the targets rather than private individuals.
Two-step verification, as was required in the Housing Fund case, is also not much of an obstacle for fraudsters. When they infiltrate computers, they tend to read all the emails and documents that they can find.
Minister for Housing Sam Tanson will meet the parliamentary commission on housing on Thursday, at which point the topic of the fraud is likely to come up.
Email scam: Housing Fund scammed out of €800,000
Minister announces: €500,000 recuperated for Housing Fund in email scam
