Cyber Incident Victim: Klagenfurter Einzelunternehmer
Date: Sep 2023
Location: Austria
Summary
A Klagenfurter Einzelunternehmer was defrauded of a low five-figure sum after ordering equipment from a known Italian company. The perpetrator used a fraudulent email address that closely mimicked the legitimate one to intercept communications and provide fraudulent payment instructions. The victim transferred the funds to a bank account in Portugal before the deception was discovered weeks later when inquiring about the delivery status. The incident remains under investigation.
Description
A Klagenfurter Einzelunternehmer, a sole proprietor based in Klagenfurt, was significantly impacted by a business email compromise incident occurring on September 11, 2023. The incident originated from a legitimate business transaction for the purchase of salt spreading devices from a known Italian company. The two firms had engaged in multiple email exchanges using their official and established email addresses to discuss the order details. During the course of this routine business correspondence, the Klagenfurter entrepreneur received subsequent emails that appeared to continue the thread but originated from a subtly altered email address. This change in the communication source was not immediately detected by the recipient.

On September 11, 2023, acting on the instructions received from the fraudulent email address, the entrepreneur initiated a wire transfer for the full payment amount to a bank account located in Portugal, believing it to be the legitimate account of the Italian supplier. The transaction was processed without any apparent initial suspicion. The business operated for over two weeks under the assumption that the order was proceeding normally, with no indication that the funds had been sent to a fraudulent recipient.
The discovery of the deception occurred on September 26, 2023, when the Klagenfurter company proactively contacted its Italian business partner through their official channels to inquire about the status of the delivery. During this direct communication, the Italian firm confirmed they had not received any payment and had no record of the recent transaction instructions. This exchange revealed that the earlier emails directing the payment to the Portuguese account were fraudulent and not sent by the actual Italian company. The legitimate business partners jointly identified that a compromise of their email correspondence had taken place.
The direct financial impact of this incident was a confirmed monetary loss in the low five-figure euro range. This sum represented the full payment for the salt spreading devices that was irrevocably transferred to the attacker-controlled bank account. The incident did not involve any ransomware, data exfiltration, or a direct compromise of the company's own IT systems; the attack vector was solely the deception achieved through the spoofed email communication. The primary consequence was the immediate financial damage, as the funds were unrecoverable by the entrepreneur at the time of discovery.
Following the identification of the fraud, the incident was reported to the appropriate law enforcement authorities. A formal criminal investigation was initiated to determine the origin of the fraudulent emails and to trace the movement of the stolen funds. These official investigations were confirmed to be ongoing at the time of reporting. The business was required to manage the operational and financial repercussions of losing a substantial sum of money intended for essential equipment. The response actions were limited to the post-incident reporting and cooperation with law enforcement, as the fraudulent financial transaction could not be reversed once it was completed and discovered.
