Luxembourgish chemicals and manufacturing giant Orion SA has told US regulators it is losing about $60 million after becoming the target of criminal fraud.

The description of the incident, taken from the company’s 8-K form filed with the U.S. Securities and Exchange Commission (SEC), suggests it may have involved a Business Email Compromise (BEC) scheme, although that term is not explicitly used.

“On August 10, 2024, Orion SA determined that an employee of the company, who is not a named executive, was the target of a criminal scheme that resulted in multiple fraudulently induced outgoing wire transfers to accounts controlled by unknown third parties,” the filing said.

“As a result of this incident, and absent further recoveries of transferred funds, the Company expects to record a one-time charge (pre-tax) of approximately $60 million for the unrecovered fraudulent transfers.”

The 8-K form also explicitly stated that there had been no breach of the systems and that none of the data had been compromised.

BEC fraud is a dirty business. The Feds themselves said earlier this year that it’s even more lucrative than ransomware, with adjusted losses expected to hit $2.9 billion in 2023 alone.

It is a form of phishing that usually involves spoofing a trusted email address, such as that of a supplier of a company with which, for example, the accounting department regularly carries out large monetary transactions.

Typically, the email address is well disguised – perhaps just one character is wrong. The scammers also often do thorough research on both the target and their supplier, learning how and when they communicate to make the deception even more convincing.

For example, a Massachusetts union was targeted in January 2023 in a similar manner. The scammers tricked a union employee into transferring millions of dollars into their bank accounts after manipulating a supplier and citing previously discussed transactions from real emails between the target and the real supplier.

Orion will obviously not be happy about the potential $60 million loss, but it is certainly not an imminent loss for a company that recently raised its 2024 forecast in its half-year results.

It raised its estimates for net sales by a fair amount. It initially set the range at $1.46 billion to $1.54 billion — it now forecasts $1.57 billion to $1.61 billion. It also raised its estimates for operating profit to somewhere between $382.3 million and $415 million, compared with $305.8 million to $338.5 million in the year-ago period.

Orion said police are aware of the incident and plan to take all possible steps to recover the lost funds, including using any available insurance coverage.

“To date, the Company has found no evidence of further fraudulent activity and does not believe at this time that the incident resulted in unauthorized access to any data or systems controlled by the Company,” the filing said.

“However, the company’s investigation into the incident and its impact on the business, including internal controls, is ongoing. Business operations and operations have not been affected.”

The register asked for more information. Orion told us, “Given the ongoing investigation, we are not providing details beyond what is included in our 8-K filing.” ®