Law enforcement agencies from ten countries have arrested 281 suspects over the last four months as part of a massive crackdown on BEC (business email compromise) scammers.
The operation, tracked internally as Operation reWired, resulted in the seizure of nearly $3.7 million from the 281 suspects, and the recovery of approximately $118 million in fraudulent wire transfers.
The vast majority of the arrests took place in Nigeria, where the Economic and Financial Crimes Commission (EFCC) made 167 arrests. 105 of the 167 arrests took place in the Port Harcourt region, in southern Nigeria, ZDNet has learned.
But, while Nigeria has been known for harboring a large portion of the world’s online scammers, arrests have also taken place in nine other countries.
The Department of Justice reported today 74 arrests in the US, while 18 other suspects were apprehended in Turkey, and 15 other in Ghana. Other arrests also took place in France, Italy, Japan, Kenya, Malaysia, and the UK, the FBI reported.
According to US authorities, all the suspects engaged in BEC (business email compromise), also referred to as EAC (email account compromise).
This is a type of online scam where attackers compromise a company employee’s account and use access to this account to send emails to fellow employees or business partners, requesting payments or redirecting money transfers to their own accounts.
Although a different scam, authorities also use the BEC term to describe situations when scammers send emails to a company’s employees or executives, posing as fellow employees (and without “compromising” accounts), also requesting payments to accounts under their control.
BEC scams were once an outlier of the cybercrime scene, but now it’s by far the most profitable category.
According to an FBI report published earlier this year, US victims lost $1.3 billion in 2018 due to BEC scams, more than double what they lost in the previous year.
According to another FBI report published earlier today, the Bureau said victims from all over the world lost more than $26 billion to BEC scams between June 2016 and July 2019.
Crackdown on BEC scammers started last year
These massive losses pushed US authorities to reassess their priorities. Starting with January 2018, several US agencies reshuffled resources to go after BEC scammers.
First results came in June 2018, when the DOJ announced the arrest of 74 suspects as part of Operation Wire Wire, which resulted in the seizure of nearly $2.4 million, and the recovery of approximately $14 million in fraudulent wire transfers.
New arrests followed in August 2019, when the DOJ announced charges against 80 other suspects, most being Nigerian nationals.
Furthermore, the number of individual cases against lone BEC scammers has also increased in the past year [1, 2, 3].
The suspects arrested today are the most recent wave of crackdowns against organized trans-national BEC operations.
The DOJ also said that some of the suspects charged today didn’t just redirect money from the organizations they attacked, but they also used access to compromised accounts to steal personal information, including financial records that they later used to file fraudulent tax returns. The IRS said the 281 suspects stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, attempting to receive more than $91 million in tax refunds.