Department of Justice Announces Arrest of 74 Business Email Compromise Scammers

A coordinated law enforcement effort involving the FBI, U.S Departments of Justice, Homeland Security, Treasury, the US Postal Inspection Service, and law enforcement agencies in Canada, Mauritius, Poland, Indonesia, Malaysia, and Nigeria has resulted in 74 business email compromise (BEC) scammers and associated criminals being arrested.

The joint law enforcement effort – called Operation Wire Wire – was conducted over a period of 6 months with most of the arrests made in the final two weeks of the operation.  42 arrests were made in the United States, 23 of which were in Florida over the laundering of at least $10 million collected through BEC scams.  A further 29 arrests were made in Nigeria, and nine in Canada, Mauritius, and Poland. Approximately $14 million in fraudulent wire transfers was disrupted and recovered, and almost $2.4 million was seized.

BEC is one of the most popular and lucrative types of phishing attack. It is a sophisticated form of phishing that requires time and planning, with the victims carefully researched.  Access to a high-level executive’s email account is gained, usually through a spear phishing campaign. That email account is then used to send messages to accounts and payroll staff responsible for making wire transfers. Those individuals are convinced to send fraudulent wire transfers to accounts controlled by criminals. In some cases, access to email accounts is not gained, and email accounts are simply spoofed.

Those transfers are often of the order of tens of thousands of dollars, although some scams have seen transfers of hundreds of thousands or even millions of dollars sent to the scammers’ accounts. One of the arrests related to a Seattle business that was scammed out of $1.4 million.

Consumers are also targeted and are convinced to make wire transfers or send checks to the scammers – romance scams are common, as are employment opportunity scams, online vehicle purchase scams, rental scams, and lottery scams.

The scammers are usually part of large transnational cybercriminal gangs, many of which started in Nigeria and have spread around the world. Tackling these gangs requires a coordinated effort involving law enforcement agencies in multiple countries.

“This operation demonstrates the FBI’s commitment to disrupt and dismantle criminal enterprises that target American citizens and their businesses,” said FBI Director Christopher A. Wray. “We will continue to work together with our law enforcement partners around the world to end these fraud schemes and protect the hard-earned assets of our citizens. The public we serve deserves nothing less.”

While it is certainly good news to hear that many scammers have been brought to justice, BEC attacks result in billions of dollars of losses and only a tiny fraction of those losses have been recovered. It is unlikely that these criminal gangs have experienced major disruptions as a result of the arrests, and the criminals running these gangs are likely to still be at large. Further, there is unlikely to be a shortage of individuals willing to take the place of those arrested, given the lucrative nature of the scams.

Author: NetSec Editor