Soccer club defrauded

May 29, 2019

The players: three soccer clubs (Russian, French, and Argentine), one midfielder, and about 40 million euros. Plus: scammers. Minus: €520,000. In short, this is the tale of Leandro Paredes’s move from the Russian Zenit team to the French Paris Saint-Germain.

The tale of Leandro Paredes's move from the Russian Zenit team to the French Paris Saint-Germain.

For nonfans

In January, world sports news media announced the transfer of Paredes from Zenit to Paris Saint-Germain. The price tag of this transfer was about €40 million (for 4.5 seasons). According to FIFA rules, Paredes’s first club, the Boca Juniors, claims a certain percentage of the deal (about 3.5%): €1,299,377.48, to be more precise.

Paris Saint-Germain and the Boca Juniors agreed on a payment plan of three installments. The first one, €519,750.99, was supposed to be delivered on March 6 of this year. That part might not have been newsworthy but for one small problem — the Argentine club did not receive the payment.

Where did half a million euros go?

As of March 12 (after the first installment should already have been transferred), the money had not been received. Of course, international bank transfers can take some time. Ultimately, however, the Boca Juniors checked in with the French.

On March 18, the Parisian team replied that the payment had been made. On March 22, they sent a confirmation, attaching a payment receipt to the letter. According to their estimates, the Argentine club would get their money in a week, max.

Time passed. The clubs exchanged leisurely letters on the topic of the missing money. Finally, the Argentines threatened a complaint to FIFA and the French side replied that it had transferred the money in strict accordance with all agreements. The Boca Juniors requested more detailed information, and French club sent them the available correspondence and documentation. That letter was a bombshell.

Soccer-style robbery

The Boca Juniors learned that their money had gone first to the bank account of a Mexican company, Vector Casa de Bolsa, at a New York bank. Later, it went to Mexico, to an account owned by a company called OM IT Solutions S.A. de C.V. That, of course, was the first time the Boca Juniors representatives had heard those names.

How is that convoluted turn of events possible? Well, it turned out that some of the letters from alleged Boca Juniors employees came to Paris Saint-Germain from unauthorized addresses — a simple difference that wasn’t very noticeable. According to the Argentinean news portal Infobae, which has access to the documentation on this case, instead of bocajuniors.com.ar addresses, the fraudsters used addresses on a different domain that differed by just one letter. Those messages contained the instructions that allowed €520,000 to disappear.

The Boca Juniors sought legal help, and as of this writing, the investigation is ongoing. According to one report, the scammers managed to get unauthorized access to the mail of someone from the staff of the Argentine club and from there get the information they needed for effective social engineering.

How not to fall for such a scam

The above is clearly not a story about an ordinary fraud scheme. The attackers were thoroughly prepared. What we can advise here is to teach your employees well, so at least they’ll know the tricks cybercriminals can use.

Our Kaspersky Security Awareness program helps you learn not only how to inform personnel about existing threats, but also to impart the skills they need to resist social engineering methods. You can find more information on the solution’s homepage.