Grocery Store Falls For $10 Million Phishing Scam

    October 31, 2007

Supervalu, a large grocery store chain was involved in a phishing scam that duped the company into sending $10 million to fraudulent bank accounts, according to federal court filings.

The fraud occurred when a Supervalu in Idaho received two emails, one claiming to be from American Greetings employee and another claiming to be with Frito-Lay, according to court documents. The email said the companies wanted payments sent to new bank account numbers.

Supervalu sent over $6.5 million to the bogus American Greetings account and close to $3.6 million to the phony Frito-Lay account before learning it was a scam. The FBI was able to recover the money before the scammers, but American Greetings, Frito-Lay and Supervalu are in a dispute as to who the money belongs to. U.S. District Judge B. Lynn Winmill will decide where it should go.

"Supervalu was the target of attempted financial fraud," company spokeswoman Haley Meyer said, "We were able to quickly discover and report this to the FBI. As a result of the quick work of the Boise FBI Office and the U.S. attorney, any funds lost are minimal."

Supervalu began sending payments to American Greetings in the wrong account on February 28. The company made a total of nine payments before discovering the error where money was wired to HSBC Bank in Miami Beach, Florida.

Supervalu’s vice president for legal services, Stephen Kilgriff, said the company received email on Feb.28 that instructed future wire transfers be sent to a First Security Bank account in Rogers, Ark. The fraud was also detected March 6 when the company contacted police.

The type of scam that Supervalu fell victim to is called spear phishing where individuals are targeted by name and sometimes title.