BEC Scammers Disrupted in Multi-Million Dollar Swoop

Several law enforcement agencies across the globe have announced a joint effort to disrupt Business Email Compromise (BEC) campaigns designed to defraud businesses and individuals.

Operation WireWire saw the FBI work with police in Canada, Mauritius, Indonesia, Poland and Malaysia to arrest 74 suspects, including 42 in the US.

Domestically, the Feds said they teamed up with the Department of Homeland Security, the Department of the Treasury and the US Postal Inspection Service in a six-month program which began in January and resulted in a fortnight of “law enforcement activity.”

The operation also led to the seizure of nearly $2.4m and the “disruption and recovery” of around $14m in fraudulent wire transfers.

Many of these cases involved international criminal organizations which defrauded not only small-to-large sized businesses but also individuals including real estate purchasers and the elderly.

BEC incurred the highest losses of any internet-based crime category in 2017, according to the most recent FBI IC3 report. It made over $676m for the scammers, more than three-times the size of the next category down, confidence/romance fraud.

“This operation demonstrates the FBI’s commitment to disrupt and dismantle criminal enterprises that target American citizens and their businesses,” said FBI Director, Christopher Wray. “We will continue to work together with our law enforcement partners around the world to end these fraud schemes and protect the hard-earned assets of our citizens. The public we serve deserves nothing less.”

Separate research by Proofpoint released in February claimed that by the end of 2017, nearly 89% of all organizations studied were targeted by at least one BEC attack — a large jump from the 75% targeted in Q4 2016.

The average number of people targeted in each organization was 13.

Although there are AI-powered tools which can help to detect these scams, one of the best strategies for defense is improved user education and awareness alongside water-tight processes that forbid the transfer of large volumes of cash outside the organization without certain checks.

What’s Hot on Infosecurity Magazine?