In a major success for law enforcement agencies against cybercrime groups that regularly carry out Business Email Compromise (BEC) attacks, the FBI arrested as many as 74 cyber criminals in just two weeks, 29 of whom were based in Nigeria, and another 42 were in the United States.
International cyber crime operation busted
The arrests took place following a six-month-long investigation that involved personnel from the FBI, the Department of Justice, the Department of Homeland Security, the Department of the Treasury, and the U.S. Postal Inspection Service. The agencies were able to bust several cyber crime groups located in the United States, Nigeria, Canada, Mauritius, and Poland.
"A number of cases charged in this operation involved international criminal organizations that defrauded small- to large-sized businesses, while others involved individual victims who transferred high-dollar amounts or sensitive records in the course of business.
"The devastating impacts these cases have on victims and victim companies affect not only the individual business but also the global economy. Since the Internet Crime Complaint Center (IC3) began formally keeping track of BEC and its variant, e-mail account compromise (EAC), there has been a loss of over $3.7 billion reported to the IC3," said the FBI in a press release.
According to the FBI, a Business Email Compromise (BEC) attack is a scam that involves hackers targeting unsuspecting victims with access to company finances and trick them using social engineering and phishing tactics. This way, fraudsters are able to convince targeted users into making wire transfers to bank accounts thought to belong to trusted partners.
"Foreign citizens perpetrate many of these schemes, which originated in Nigeria but have spread throughout the world. The role of money mules, witting or unwitting, in BEC schemes is very important—they are used to receive the stolen money and then transfer the funds as directed by the fraudsters. The mules usually keep a fraction of the money for their trouble," the agency added.
Major rise in BEC attacks
The fact that Business Email Compromise attacks are now among the most favourite weapons for cyber criminals has been known to the FBI and other investigative agencies since long. Last year, the FBI announced that between October 2013 and December 2016, as many as 40,203 BEC attacks were reported to IC3 and resulted in $5.3 billion in losses.
"The BEC/EAC scam continues to grow, evolve, and target small, medium, and large businesses. Between January 2015 and December 2016, there was a 2,370% increase in identified exposed losses3. The scam has been reported in all 50 states and in 131 countries. Victim complaints filed with the IC3 and financial sources indicate fraudulent transfers have been sent to 103 countries.
"Based on the financial data, Asian banks located in China and Hong Kong remain the primary destinations of fraudulent funds; however, financial institutions in the United Kingdom have also been identified as prominent destinations," it added.
The rise in the number of BEC attacks also coincided with an overall reduction in the number of ransomware attacks across the globe. According to the FBI's yearly Internet Crime report, even though businesses and organisations in the United States reported 2,453 complaints regarding ransomware infections in 2015 and 2,673 in 2016, the number of such complaints reduced drastically to a mere 1,783 in 2017.