In January of this year, Argentine footballer Leandro Paredes was transferred from Zenit St. Petersburg to Paris Saint-Germain (PSG) in a deal of around 40 million euros. Under the rules of the FIFA solidarity mechanism, Boca Juniors, the Argentine club that formed the player, would be entitled to receive a 3.5 percent stake in the sale, which corresponds to approximately 1.4 million euros. PSG and Boca Juniors agreed to split the payment into three phases, the first being scheduled for March 6. However, Boca Juniors never got to receive the payment of almost 520 thousand euros that the French club confirmed to have sent.
An investigation was then opened on exchanges of correspondence and documents sent by the French club as evidence that the payment had been made. In one of the documents confirming the transfer, e-mails were discovered, allegedly sent by Boca Juniors, which had minor modifications that were almost imperceptible. According to an Argentine newspaper that had access to the documents of the case, a single letter differentiated the fraudulent email address from the legitimate one. In this way, the instructions from these fictitious addresses contained false data.
After analyzing the documents, the Argentine club discovered that the money had initially passed through a New York bank account, which belonged to the Mexican company Vector Casa de Bolsa. He was then sent to a bank account in Mexico, from another company with the name OM – Soluções de TI, SA.
Following the cyberattack, Boca Juniors filed a complaint in the Argentine court. According to the latest disclosures, the hacker may have had access to an e-mail from a club contributor, thereby obtaining all the information needed to apply social engineering methods effectively. So far the author of the coup is not known, reason why the search continues.