Kymatio Isotype
Why Kymatio
Partners
Book a demo
Book a demo
EN
Kymatio Isotype
Why Kymatio
Partners
Book a demo
This website uses cookies

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

I acceptSettings
Cookie settings
Kymatio uses cookies to make your experience better. Check our Privacy Policy to learn more.
Strictly necessary (always active)
Cookies required to enable basic website functionality.
Accept all cookiesSave settings
Close
articles
Social engineering. CEO fraud of 9 million euros in the phishing scam to the biopharmaceutical company Zendal
Cyberattacks

Social engineering. CEO fraud of 9 million euros in the phishing scam to the biopharmaceutical company Zendal

by
Kymatio
|
December 3, 2020

A hacker has stolen more than 9 million euros from the Zendal pharmaceutical company in Galicia, Spain, by posing as a manager in a CEO fraud scheme. This impersonation allowed the attacker to make multiple bank transfers in his own name.

IN THIS article
Text Link
Book a demo

Hacker Steals €9 Million from Spanish Pharmaceutical Company via CEO Fraud

Incident Overview
A hacker has scammed more than €9 million from the Zendal pharmaceutical group in Galicia, Spain, using a CEO Fraud scheme. The attacker posed as a senior manager to authorize multiple bank transfers in his own name.

Attack Method

  • Technique: Phishing with forged sender identity.
  • The hacker impersonated a top executive to deceive the CFO into making several transfers.
  • The scam went unnoticed until the company began to experience liquidity issues.
  • Upon contacting the real manager, the CFO discovered the transfers had never been authorized.

Context

  • Zendal is one of Spain’s leading biotechnology companies, currently preparing to produce hundreds of millions of COVID-19 vaccine doses.
  • The company has filed a complaint with the Civil Guard, and investigations are underway to trace the money and identify those responsible.
  • Zendal has stated that it will not make further public comments until the investigation concludes and will continue work on vaccine production.

Impact
This incident highlights how social engineering — particularly CEO Fraud — can cause devastating financial losses even in large, well-established organizations.

Key Takeaway
It is essential to train employees on the multiple forms of social engineering attacks and ensure strong verification processes for financial transactions.

related articles

Explore more articles

Why an AI-Phishing Benchmark is Critical for Your 2025 Strategy
Cyberattacks
Cybersecurity Prevention
Why an AI-Phishing Benchmark is Critical for Your 2025 Strategy
by
Kymatio
|
August 19, 2025
NIS2 vs. DORA comparison — what applies to your organization
Cyberattacks
Cybersecurity Glossary
NIS2 vs. DORA comparison — what applies to your organization
by
Kymatio
|
August 1, 2025
Annual Campaign Calendar: Phishing, Smishing, Vishing and QRishing
Cyberattacks
Cybersecurity Prevention
Annual Campaign Calendar: Phishing, Smishing, Vishing and QRishing
by
Kymatio
|
July 29, 2025
ACTIVATE YOUR HUMAN FIREWALLS

Ready to uncover the real risk within your organization

Book a demo
Know the real risk
4.8 in Capterra

Join the Kymatio® newsletter and get the latest insights, research, and practical tips on cybersecurity awareness prevention straight to your inbox.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Services
HRMAssessment  & AwarenessAttack SimulationsBreach ScanDigital Wellbeing
Use cases
Public SectorFinancial SectorHealthcare SectorLarge enterprises
About us
Why KymatioKnow KymatioOur valuesSuccess Stories
Resources
BlogWebinarsWhitepapersNews
Get in touch
ContactLinkedInXFacebookYoutube
© 2025 Kymatio. All Rights reserved.
Privacy policy
·
Compliance
·
Cookies Policy
·
Legal Notice
·
AI Policy