Financial Crime World

Slovenian Police Bust £1.7 Million Bank Scam Involving Fake British Insurance Company

In a major bust on March 21, 2023, Slovenian police arrested five individuals suspected of masterminding a £1.7 million bank fraud involving a fake British insurance company. The scam targeted small and medium-sized Slovenian firms.

Overview of the Scam

  • Five individuals arrested for a £1.7 million bank fraud
  • Fake British insurance company involved
  • Scam targeted small and medium-sized Slovenian firms

Beginning of the Scam

The scam began surfacing in April 2012. Perpetrators sent emails impersonating local Slovenian banks and, in one instance, the state tax authority. These emails contained malicious attachments disguised as harmless PDF files, infecting the recipients’ computers with Remote Administration Tools (RATs) and keyloggers.

Targeted Firms and Stolen Funds

All 48 targeted firms were clients of an unnamed Slovenian bank, which employed a card authentication system connected directly to the computer. Transactions were scheduled to occur over weekends or during national holidays to minimize risk of detection. Nearly £1.7 million was stolen, with around half of the funds remaining unaccounted for.

Laundering the Illegally-Obtained Funds

To launder the ill-gotten gains, the scammers recruited 25 ‘money mules’ who were led to believe they were working for a legitimate British insurance company starting operations in Slovenia. These unsuspecting participants received funds from the affected firms and forwarded them on to accounts controlled by the criminals, convinced they were making legitimate transactions. No evidence of UK nationals’ involvement in this scheme has been identified.

Adaptation of Attack Methods

The fraudsters created 14 versions of the Trojan, adapting and improving it as anti-malware software began to detect their scam. According to Gorazd Bozic, Head of Slovenia’s national Computer Emergency Response Team (SI-CERT), similar attacks employing RATs and keyloggers are common within the major crime sphere.

Comparison to Previous UK Scams

A 2010 UK scam involving the “Zeus” family of malware resulted in an alleged £20 million theft. The Slovenian scam employed locally-developed malware, but its tactics bore resemblance to Zeus and Citadel.

Risks of Money Mules and Prevention

A February 2013 survey by Financial Fraud Action showed that 19 percent of UK students who received unsolicited offers for money transfers had accepted, carrying potential consequences including money laundering charges and imprisonment. In 2010, 37 alleged money mules were charged in the US for their involvement in a series of bank frauds.

Disclaimer

Please note that the events, details, and potential implications in this article are for informational purposes only. WIRED UK does not endorse any actions taken by the individuals or organizations mentioned or implied. The article aims to generate awareness and understanding but does not serve to promote or condone criminality.