Law enforcement agencies around the world have arrested a total of 281 people suspected of being behind a spate of Business Email Compromise (BEC) scams that have stolen millions of dollars from businesses and individuals.
The arrests were made over the course of four months as part of an investigation dubbed “Operation reWired”, and saw arrests in 10 countries as well as the seizure of nearly US $37 million purportedly stolen from victims.
In a press release, the US Department of Justice described how it worked alongside the FBI and partners in nine other countries. The bulk of arrests took place in Nigeria, but suspected scammers were also apprehended in the United States, Turkey, Ghana, France, Italy, Japan, Kenya, Malaysia, and the United Kingdom.
The scams typically centre around the compromise of employee email accounts, and see fraudulent messages sent to other staff members or business customers asking for payments to be made into bank accounts under the control of the criminals.
In some cases the scammer may not ask for money to be wired into a bank account, but instead attempt to trick staff into sharing sensitive information such as personally identifiable information (PII) or tax records.
Even if you don’t run or work at a company you may still be at risk from similar scams. For instance, the Department of Justice warns that many senior citizens have been duped into unwisely transferring money – sometimes as the result of a romance or lottery scam.
Business Email Compromise has grown significantly as a threat in recent years. Earlier this year AIG, one of the world’s largest insurance companies, published a report which painted such scams as the top cybercrime threat causing losses for business.
Meanwhile, the Financial Crimes Enforcement Network (FinCEN), part of the US Department of the Treasury, has calculated that BEC fraudsters have attempted to steal a staggering US $9 billion since September 2016.
Organisations and individuals who have fallen victim to such scams are urged to complete a form on the Internet Crime Complaint Center (IC3) website to help freeze and recover lost funds if possible and gather information on those responsible.
“Through Operation reWired, we’re sending a clear message to the criminals who orchestrate these BEC schemes: We’ll keep coming after you, no matter where you are,” said FBI director Christopher Wray. “And to the public, we’ll keep doing whatever we can to protect you. Reporting incidents of BEC and other internet-enabled crimes to the IC3 brings us one step closer to the perpetrators.”
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.