A coordinated strike conducted by the US’s Federal Bureau of Investigation (FBI) in association with its law enforcement partners around the world has resulted in the disruption of multiple business email compromise (BEC) schemes in many different countries.
The dedicated operation, known as “Eagle Sweep”, was active for a three-month period that commenced in September last year. During the operation, 65 different suspects were arrested in Canada, the United States, South Africa, Nigeria and Cambodia.
A targeted attack on BEC scams
BEC operators are classed as high-level cybercriminal scammers who work to fool employees of legitimate companies into actioning payments to accounts that are under their control, by pretending to be a firm, executive officer or business partner submitting an authentic payment order.
In many recorded cases, these threat operators monitor their selected victim’s communication channels after compromising their corporate network. As a result, they can identify weak and exploitable points within the financial transactions processes used by the firm.
BEC attackers typically strike at the precise moment required by tampering with existing email chains or by using a spoofed account to request that an actual invoice payment is diverted to a new account they have established.
According to the FBI’s 2021 crime report from the Internet Crime Complaint Centre, the financial damage caused by BEC scams last year was around $2.4bn. The real figure is likely to be far higher, as this amount only reflects incidents that were reported. In some instances, a successful BEC scam may go unnoticed or unreported.
A recent announcement by the FBI stated that the scammers who had been apprehended were responsible for the targeting of more than 500 enterprises in the US, resulting in financial losses of approximately $51,000,000.
Individuals arrested after the three-month operation included money launderers and scammers.
Leo Omorogieva Eghaghe of Lagos in Nigeria and Oluwasegun Baiyewu, of Houston, Texas victimised a renewable energy supplier in Puerto Rico and laundered around $4,500,000. In Canada’s Toronto, Osatohanmwen Oriakhi and Bright Osaghni were caught attempting to divert $16,000,000 from victims in their home and south of the border in the United States. A large BEC attack gang working in collaboration out of Houston, Texas included Jamal Moore, Wendy Elizabeth Ramos Lopez, Luis Lopez, Ashley Crespo, Dayana Zaila Ramos, Jerome Crawford, Alvaro Umanzor and David Alvarado. Over two years, the group laundered around $4,500,000, with one successful BEC scheme netting them $900,000
In conjunction with Operation Eagle Sweep, other law enforcement agencies based in Australia, Nigeria and Japan carried out local operations focused on BEC operators.
To avoid BEC scams companies, should always verify the identity of those requesting changes to bank transactions and seek independent proof in suspicious circumstances. Requests made by email for example, should always be supported by a telephone call to an established number (not one included in the email). Multifactor authentication should be activated on all company email accounts and firms should make certain their domain cannot be easily spoofed. This can be accomplished by registering similar domain names that present a significant risk.
Experts in secure emails
Here at Galaxkey we provide a secure email solution that allows you to encrypt your emails, meaning only the intended recipients can view them. You can contact our team for more info, arrange a demo or start a free trial at the link below.