Police have arrested 23 suspects across Europe, following an investigation by Europol into an ongoing BEC scam that cheated companies in at least 20 countries out of approximately $1.17m.
The suspects were a part of an international group of online fraudsters that sold fictional goods to victims and were in operation for years, updating their tactics to exploit current events. The group had been under investigation for years, with Europol providing assistance since 2017.
Charges were brought against the suspects on 10th August. The suspects were taken into custody and a series of raids were carried out at 34 addresses in the Netherlands, Romania, and Ireland, assisted by two cybercrime experts deployed by Europol to ensure relevant evidence was gathered and the Dutch authorities were supported with cross-checking data against real-time information gathered during the operation.
“The fraud was run by an organized crime group which prior to the COVID-19 pandemic already illegally offered other fictitious products for sale online, such as wooden pellets,” said Europol in a press release.
“Last year the criminals changed their modus operandi and started offering protective materials after the outbreak of the COVID-19 pandemic.”
Business email compromise (BEC) attacks were listed by the FBI as the most lucrative form of cybercrime in 2019, amassing the highest amount of reported losses at $1.77 billion, even costing businesses more than ransomware.
To prevent falling victim to BEC attacks, Europol recommends that people should be wary of unsolicited contact from a seemingly senior official, or requests that don’t follow the usual company procedures – especially if the request is supposedly urgent or confidential.
Organisations can also create barriers against falling victim to BEC attacks by ensuring that wire transfers are subject to approval from multiple people to increase the chance of fraud being spotted.