The Federal Bureau of Investigation (FBI) has announced arresting 74 individuals for their involvement in business email compromise (BEC) schemes that are designed to steal money by intercepting and hijacking wire transfers from businesses and individuals.
Named Operation WireWire, several federal authorities were involved to disrupt international BEC schemes, including the FBI, Department of Justice, Department of Homeland Security, the Department of the Treasury, and the US Postal Inspection Service. The operation has resulted in 42 arrests in the US, 29 in Nigeria, and three in Canada, Mauritius and Poland.
Today's statement also said that federal authorities seized nearly $2.4 million and disrupted and recovered approximately $14 million in fraudulent wire transfers.
Email fraud schemes result in losses of over billions of dollars
BEC schemes often target employees in the finance department of organizations since they deal in company transactions and make wire transfers. By using phishing, social engineering and other types of malicious attacks and intrusions, these potential targets are tricked into making wire transfers that are believed to be the legitimate bank accounts but instead are controlled by criminals.
"These same criminal organizations that perpetrate BEC schemes also exploit individual victim," the FBI statement reads. These often include "real estate purchasers, the elderly, and others" who are either tricked into making wire transfers to legit-looking but criminally-controlled accounts by impersonating a known person or with romance or lottery scams.
According to the Internet Crime Complaint Center (IC3), these BEC schemes have resulted in losses of over $3.7 billion - and this number is only from the cases that have been reported to the IC3.
The FBI and the IC3 have shared the following frequent BEC scenarios:
- Business Executive: Criminals spoof or compromise e-mail accounts of high-level business executives, including chief information officers and chief financial officers, which result in the processing of a wire transfer to a fraudulent account
- Real Estate Transactions: Criminal impersonate sellers, realtors, title companies, or law firms during a real estate transaction to ask the home buyer for funds to be sent to a fraudulent account
- Data and W-2 Theft: Criminals, using a compromised business executive’s e-mail account, send fraudulent requests for W-2 information or other personally identifiable information to an entity in an organization that routinely maintains that sort of information
- Supply Chain: Criminals send fraudulent requests to redirect funds during a pending business deal, transaction, or invoice payment to an account controlled by a money mule or bad actor
- Law Firms: Criminals find out about trust accounts or litigation and impersonate a law firm client to change the recipient bank information to a fraudulent account.