A vast number of businesses worldwide fall victim every day to a type of sophisticated phishing attack that has been dubbed business e-mail compromise (BEC). The USA's FBI has recently announced the conclusion of a major law enforcement operation that took down several BEC schemes, leading to arrests all over the globe.
FBI launches operation WireWire
The FBI has detailed that its Operation WireWire was designed to disrupt and identify BEC schemes. The effort unfolded over the period of six months and concluded with a two-week coordinated intensive law enforcement effort that saw 74 arrests, including 29 in Nigeria, a further 42 in the USA, and three individuals that were based in Canada, Poland and Mauritius respectively.
They also pressed charges against 15 individuals for their alleged role as money mules in the schemes, while they carried out over 50 domestic actions, including seizing assets and executing search warrants. The FBI partnered with major USA government actors, such as the Department of Treasury, the Department of Homeland Security and the United States Postal Inspection Service, as well as local law enforcement, in order to effectively tackle the global BEC criminal network.
How Business E-mail Compromise works
BEC is a sophisticated scamming technique that often makes use of the popular type of social engineering attack called phishing. In phishing attacks, a scammer disguises as a trusted entity in order to trick the victim into clicking on a malicious link usually included in an email or SMS and allow the attacker unauthorized access to sensitive data like financial and payment information.
In the context of a BEC scheme, the attacker intercepts e-mail communications and wire transfers in order to convince the victims to reroute the money to a fraudulent account. The target of the phishing attack is often a business employee with access to financial information, who is duped into making wire transfers to bank accounts that the perpetrators disguise to make them seem as though they belong to trusted business partners, when in fact the money ended up in bank accounts that were controlled by the fraudsters themselves.
Nigerian charged in BEC scheme
The role of money mules is crucial in these schemes, as they make sure that the money ends up in the hands of the criminals – even though money mules can sometimes also be duped into unwittingly helping the fraudsters. BEC schemes, according to the FBI, originated in Nigeria, but they have now become a common type of cyber-fraud across the globe.
Nigerian Adeyemi Odufuye, also known under the alias “Micky Briggs”, the 31-year-old leader of a seven-member online fraud criminal gang that has been duping USA companies since 2015, was arrested in the UK and extradited in the USA to face trial for his role in the BEC schemes. He was charged with crimes that saw his victims suffer a loss of roughly $2.6 million and he pleaded guilty in January 2018.
Overall, since American authorities began to formally track BEC schemes and email account compromise (EAC) schemes, the reported damages amount to $3.7 billion, according to the FBI. During Operation WireWire, the FBI seized $2.4 million and recovered $14 million in wire transfers.
Cover image credit: FBI in Vancouver, TV series "Fringe" shooting. Wikimedia Commons