Ray-Ban maker saw $272 million stolen by cybercriminals -- behind it was a romance scam

Company blames JPMorgan for AML failings, sues it for recovery

A unit of the French maker of Ray-Ban glasses saw $272 million stolen from its JPMorgan bank account by cybercriminals – with the help of a lonely insider – and is suing the bank for failing to spot the transactions.

“The average monthly dollar volume of transactions skyrocketed from $15 million to over $100 million and JPM never asked for, or received, an explanation for the increased volume” Essilor Manufacturing (Thailand) Co. (EMTC)  which operates a plant in Thailand for France’s Essilor said in its initial filing in April 2022.

The company also had a $10 million overdraft limit with JPMorgan. On several occasions this was exceeded by over $20 million, Essilor said, without JPMorgan's anti-money laundering (AML) systems flagging a problem.

A US District Judge on January 4, 2022, dismissed Essilor’s breach of contract and negligence claims against JPMorgan, but said it can proceed with contract law provision claim to recover the lost sums: Essilor says it has recovered “through a costly and burdensome process” much of the stolen money but $100 million is still missing.

Central to the fraud's success was a romance scam targeted at EMTC's Chief Financial Officer...

Ray-Ban maker blames JPMorgan for AML failures

The fraud took place between mid-September 2019 and mid-December 2019, during which “international cybercriminals caused EMTC to make approximately 243 fraudulent payments… out of the NY Account.”

They used a misled Essilor insider (being held by Thai police) to initiate the fraudulent payment orders “beyond the scope of her authority”; as two separate approvals were required, she “misappropriated the credentials of the designated second approver” to pull $140 million from the JPMorgan account in December 2019 alone.

The Ray Ban maker said of the fraud in its initial complaint that the bank’s AML systems should have flagged not just the sharp rise in payments, but the fact that whilst “most payment orders out of the NY Account were for a very specific amount of money, down to the cents (e.g., $18,203.96 or $34,270.80), with very limited exceptions, during the Fraudulent Period, there was an uptick in round-number (i.e., no cents) payment orders.”

Follow The Stack on LinkedIn

The plaintiff also claimed that “most of the transfers went to shell companies, or companies that were not involved in the optical industry, with accounts at regional banks, often in high-risk jurisdictions.”

The cherry on this painful cake for Essilor, it said, was that “On December 11, 2019, Essilor attempted to transfer $19 million from its JPM account to an account it held in another bank using the SWIFT network. This transfer, which was not fraudulent, was blocked presumably because JPM detected unusual account activities.”

JPMorgan had claimed in its attempt to get the lawsuit dismissed that it was not the 'sender' of the payment orders and thus cannot obtain a refund and that "EMTC failed to detect the fraud over the four months it was being committed – failing to account along the way for more than a quarter billion dollars."

Ray-Ban's JPMorgan dispute has its roots in a "romance scam"

The insider, EMTC's filings reveal, was Chamanun Phetporee, its Chief Financial Officer.

Chamanun Phetporee

Reports from Thailand say that she was the victim of a "romance scam".

The CFO was lured in by a fraud gang. One member made contact on LinkedIn purporting to be a US doctor working in Afghanistan who would like to retire in Thailand. Over a protracted period he built a relationship with her (police reviewed 50,000+ WhatsApp messages) and claimed he was inheriting money from his wealthy father who had just died.

The fraudster even sent her a fake death certificate and twice flew her to meet his "lawyer" in Malaysia, who showed her piles of cash that he said were part of the inheritance that he wanted her to help manage.

"Dr Andy" told her he wanted to buy a luxury home for the two of them with the inheritance, but when it came time to put the deposit down, told her he was having trouble transferring the money out of a Swiss bank account, so he asked her if she could pay the deposit and he would pay her back; having lured her in, members of the gang later messaged her to say ‘Dr Andy’ had a heart attack in Afghanistan and needed money for treatment, along with other requests.

After Essilor noticed the missing funds and hired private investigators to look into it, they initially thought the CFO was a member of the gang before ultimately concluding she was a credulous and highly lonely victim.

As ABC's Mazoe Ford reported last summer: "When Chamanun was first interviewed by police, she did not believe that her six-month relationship with ‘Dr Andy’ was a lie. She cried a lot, her whole world was breaking down,” Lieutenant Colonel Korkiat of the Thai Police said: "I explained to her step by step [how] this was the modus operandi of a romance scam case … but she couldn’t believe it. We had to say it for many days.”

ABC reported that the scam was traced back to Nigeria, but found that the group also had people working in Thailand, Malaysia, England, the United States and even Australia. Some 22 of a suspected group of 30 are now behind bars. As per the Ray-Ban maker's case against JPMorgan, $100 million is still missing.

The suit is Essilor International SAS v. J.P. Morgan Chase Bank, N.A., 22-cv-03361.

WebAssembly, Rust are helping break down cybersecurity, fraud siloes