Fraudsters Target Pepco in Major Phishing Attack

The European retail chain Pepco was deceitfully coerced into transferring a substantial amount of funds to fraudsters through an intricate phishing attack, as disclosed in its official press release.

The Hungarian division of Pepco Group, which owns brands such as Poundland in the United Kingdom, Dealz in Ireland and Spain, as well as Pepco in various European countries, fell victim to cybercriminals, incurring a financial loss estimated at around 15 million euros.

CVE-2021-28550

Login into account in email envelope and fishing hook. Phishing scam, hacker attack and web security concept. online scam and steal. vector illustration in flat design

It remains uncertain whether the funds will be recoverable, though the company is actively collaborating with law enforcement agencies and banks to locate and freeze the stolen assets. Pepco emphasized that the cyberattack did not compromise the personal data of customers, suppliers, or staff.

Furthermore, the company reassured its clients and business partners of its financial stability, highlighting its access to over 400 million euros in liquidity from cash and credit resources.

The press release also mentions the undertaking of a comprehensive audit of all systems and processes to enhance business security in the future.

While the company has not divulged the technical specifics of the attack, it is plausible that Pepco was targeted by a Business Email Compromise (BEC) attack, involving fraudulent activities using business email.