FBI fights business email compromise with global crackdown

U.S. federal agencies worked with international law enforcement in Operation Wire Wire to find and prosecute alleged cybercriminals conducting business-email-compromise scams.

The United States Department of Justice this week announced the arrests of 74 individuals alleged to have committed fraud by participating in business-email-compromise scams.

The arrests are the result of an international enforcement effort, coordinated by the FBI, known as Operation Wire Wire, which was designed to crack down on email-account-compromise schemes targeting individuals and businesses of all sizes.

Business email compromise (BEC) is a growing problem, accounting for the highest reported losses, according to the FBI's "2017 Internet Crime Report." Criminal organizations use social engineering to identify employees who are authorized to make financial transactions, and then send fraudulent emails from company executives or foreign suppliers requesting wire transfers of funds.

Some schemes are directed at individuals in human resources or other departments in an effort to collect personally identifiable information, such as employee tax records. Others target individual victims, especially those involved in real estate transactions and the elderly.

In January, according to the Department of Justice, U.S. federal agencies worked with international law enforcement on Operation Wire Wire to find and prosecute alleged fraudsters. The six-month coordinated effort involved the U.S. Department of Homeland Security, the U.S. Department of the Treasury and the U.S. Postal Inspection Service, and it resulted in 42 arrests in the United States, 29 in Nigeria and three in Canada, Mauritius and Poland. Law enforcement recovered $14 million in financial wire fraud during the operation and seized close to $2.4 million.

'Nigerian princes' turn to BEC

The techniques and tactics of Nigerian criminal organizations have become more sophisticated, according to Agari Data Inc. The email security company captured and analyzed the contents of 78 email accounts associated with 10 criminal organizations -- nine in Nigeria -- and reported increased BEC activities against North American companies and individuals between 2016 and 2018.

The research involved 59,692 unique messages in email communications originating from 2009 to 2017. According to the findings, business email compromise represented the largest attack vector for email fraud at 24%, even though many of these criminal groups migrated to BEC attacks, starting in 2016. Previously, these groups had focused predominantly on "romance" fraud schemes.

Business email compromise often overlaps or has similarities with cyberfraud schemes involving romance, lotteries, employment opportunities, vehicle sales and rental scams. In some cases, money mules "hired" using romance schemes or fraudulent employment opportunities may not be aware of the BEC scams. Mules receive the ill-gotten funds stateside and transfer the monies to difficult-to-trace, off-shore accounts set up by criminals.

Since January, up to $1 million in assets has been seized domestically, and 15 alleged money mules have been identified by FBI task forces and charged "for their role in defrauding victims."

BEC schemes are hard to detect, because they do not rely on victims downloading malicious email attachments or clicking on fake URLs. Instead, this type of cyberfraud relies on identity deception (82%, according to Agari), email spoofing or compromised email accounts accessed via malware or credential theft. Researchers found that 3.97% of intended targets who responded to the initial emails used in business email compromise became victims.
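Because these messages carry no attachment or URL to scan, detection has to work from the sender identity itself. The following is an added example, not code from the article, Agari or the FBI, that flags identity-deception signals in message headers; `ORG_DOMAIN`, `EXECUTIVES`, `PAYMENT_WORDS` and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: the defender's domain and a directory of executives.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
PAYMENT_WORDS = ("wire transfer", "payment", "invoice", "bank details")

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_signals(raw):
    """Return the identity-deception signals found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr, reply_to = addr.lower(), reply_to.lower()
    domain = addr.rpartition("@")[2]
    signals = []
    known = EXECUTIVES.get(" ".join(name.lower().split()))
    if known and addr != known:  # executive's name on a different address
        signals.append("display-name-impersonation")
    if domain != ORG_DOMAIN and 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        signals.append("lookalike-domain")
    if reply_to and reply_to.rpartition("@")[2] != domain:
        signals.append("reply-to-mismatch")
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    if signals and any(w in text for w in PAYMENT_WORDS):
        signals.append("payment-request")  # only meaningful with an identity signal
    return signals

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Jane Doe" <jane.doe@examp1e.com>\n'
    "Reply-To: jd.office@mail.example.net\n"
    "Subject: Urgent wire transfer\n\n"
    "Please process the payment today and confirm.\n"
)
LEGIT = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Quarterly review\n\nAgenda attached for Thursday.\n"
)
```

Header checks like these do not catch messages sent from a genuinely compromised mailbox, where the address and domain are legitimate; those need out-of-band verification of payment changes.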
