Business Email Compromise (BEC) , Email Security & Protection , Email Threat Protection

74 Arrests in Business Email Compromise Takedown

'Operation Wire Wire' a Six-Month, Worldwide Law Enforcement Operation
74 Arrests in Business Email Compromise Takedown

A six-month coordinated global law enforcement effort to crack down on business email compromise schemes has resulted in 74 arrests, the href="https://www.justice.gov/opa/pr/74-arrested-coordinated-international-enforcement-operation-targeting-hundreds-individuals"target="_blank">U.S. Department of Justice announced Monday.

See Also: Live Webinar | M365 Security Concerns Inside Out

The effort, known as "Operation Wire Wire," led to the arrests of 42 suspects in the U.S., 29 in Nigeria and others in Canada, Mauritius and Poland, as well as the seizure of nearly $2.4 million. It also led to the "disruption and recovery" of about $14 million in fraudulent wire transfers, the Justice Department says in a statement.

"It's a major achievement because it's difficult to get human attribution," says href="https://www.bankinfosecurity.com/fraud-c-148">anti-fraud expert Avivah Litan, vice president at Gartner Research. "It's easy to hide in a mesh of email accounts, so this is good news."

Considering the size and scope of the BEC epidemic worldwide, however, Litan says, "it's great to get breadcrumbs, but maybe next time they get the loaf."

The operation, funded and coordinated by the FBI, also included the Department of Homeland Security, Treasury Department and U.S. Postal Inspection Service, along with many other law enforcement agencies in the U.S. and worldwide, the Justice Department says.

The Fraud Schemes

BEC scams typically involve messages that impersonate a company official requesting the urgent payment of funds, resulting in fraudulent wire transfers or checks.

In its statement, the Justice Department notes that these sophisticated scam often target employees "with access to company finances and businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments." The scams sometimes target personally identifiable information or employee tax records rather than money, officials note. And the same criminal organizations involved in BEC scams also frequently exploit individuals, including real estate purchasers and the elderly.

A number of the cases that resulted in arrests involved international criminal organizations that defrauded small to large-sized businesses, while others involved individual victims who transferred large amounts of money or sensitive records in the course of business, according to the Justice Department.

Since the Internet Crime Complaint Center began keeping track of BEC and its variant, Email Account Compromise, over $3.7 billion in losses has been reported, officials say. "BEC and EAC is a prevalent scam, and the Justice Department, along with our partners, will continue to aggressively pursue and prosecute the perpetrators, including money mules, regardless of where they are located," the statement notes.

Money mules may be witting or unwitting accomplices who receive funds from the victims and then transfer the money as directed by the fraudsters, the Justice Department notes. The fraudsters often "enlist and manipulate the money mules through romance scams or "work-at-home" scams," it adds.

Starting in January, the coordinated enforcement action targeted hundreds of BEC scammers, officials say. "Law enforcement agents executed over 51 domestic actions, including search warrants, money mule warning letters and asset seizure warrants totaling nearly $1 million," the Justice Department statement notes.

Not a Big Dent?

Fraud-fighting expert Shirley Inscoe, senior analyst at Aite Group, notes: "It is always a very positive thing to see law enforcement agencies working together internationally to fight fraud and punish the perpetrators. However, these various cyber-fraud schemes result in billions of lost dollars, and it seems unlikely that a big dent can be made in catching all the perpetrators. While several people were caught and indicted in this one case, there is no indication that they arrested the mastermind behind the scheme or even know who the mastermind is.

"Many people are greedy, and so there will be others ready to quickly step in to take up the task of committing these frauds. When this amount of money can be stolen with little risk of getting caught, there will always be people willing to commit fraud."

Al Pascual, senior vice president of research at Javelin Strategy & Research, calls the crackdown "a great step in the right direction."

He adds: "Of course, with all of the losses and only $2.4 million recovered, you have to believe that this group was only a small part of the problem. I suspect these arrests will force BEC to shift further overseas, and if so, the cooperation across jurisdictions will be a necessary example to follow if law enforcement and banks wants to keep up the pressure.


About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Nick Holland

Nick Holland

Former Director, Banking and Payments

Holland focused on the intersection of digital banking, payments and security technologies. He has spoken at a variety of conferences and events, including Mobile World Congress, Money2020, Next Bank and SXSW, and has been quoted by The Wall Street Journal, CNN Money, MSNBC, NPR, Forbes, Fortune, BusinessWeek, Time Magazine, The Economist and the Financial Times.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.