281 Arrested in Worldwide Business Email Compromise Crackdown

281 people were arrested over a four-month period in the U.S. and in countries around the world as part of Operation reWired, a coordinated effort of multiple law enforcement agencies from several countries.

Operation reWired is "a significant coordinated effort to disrupt Business Email Compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals, including many senior citizens," says the U.S. Department of Justice (DoJ) in a press release published today.

"In unraveling this complex, nationwide identity theft and tax fraud scheme, we discovered that the conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, attempting to receive more than $91 million in refunds," said Chief Don Fort of IRS Criminal Investigation. 

This follows Operation Wire Wire announced on June 2018, the first enforcement action designed to target hundreds of BEC scammers and which led to the arrest of 74 individuals, the seizure of nearly $2.4 million, and was behind the disruption and recovery of roughly $14 million in fraudulent wire transfers.

Operation reWired lead to the seizure of $3,7 million

Besides the arrests made on U.S. territory, Operation reWired also resulted in 167 arrests in Nigeria, 18 in Turkey, and 15 in Ghana, with a number of others also made in France, Italy, Japan, Kenya, Malaysia, and the UK.

This operation also led to the seizure of approximately $3.7 million which were collected by BEC scammers after redirecting wire payments as part of fraud schemes that trick businesses and individuals into sending funds to attacker-controlled bank accounts.

"Foreign citizens perpetrate many BEC scams. Those individuals are often members of transnational criminal organizations, which originated in Nigeria but have spread throughout the world," added the DoJ.

"In this latest four-month operation, we have arrested 74 people in the United States and 207 others have been arrested overseas for alleged financial fraud," stated Deputy Attorney General Jeffrey Rosen. "The coordinated efforts with our domestic and international law enforcement partners around the world has made these most recent actions more successful."

"The FBI is working every day to disrupt and dismantle the criminal enterprises that target our businesses and our citizens," added FBI Director Christopher A. Wray. "Cooperation is the backbone to effective law enforcement; without it, we aren’t as strong or as agile as we need to be."

More details on some of the arrests made on federal charges for BEC fraud schemes are available within the press release published today by the DoJ.

The $26 billion scam

BEC aka EAC (short for Email Account Compromise) fraud schemes are scams carried out by crooks who will wire out funds without authorization to bank accounts they control via computer intrusion or after tricking key employees into doing it using social engineering.

This type of attack targets small, medium, and large businesses alike, as well as individuals, and it has a high success rate due to the fraudsters' choice to pose as someone that the employees trust like a CEO or a business partner.

Overall, BEC victims have lost over $1,2 billion during 2018 according to an Internet Crime report published on April 2019 by FBI's Internet Crime Complaint Center (IC3).

Also, in a BEC public service announcement published today, IC3 said that it received victim complaints regarding 166,349 domestic and international incidents between June 2016 and July 2019, with a total exposed dollar loss of over $26 billion.

Statistics reported in victim complaints to the IC3 between June 2016 and July 2019:
Domestic and international incidents:	166349
Domestic and international exposed dollar loss:	$26,201,775,589.00

The Financial Crimes Enforcement Network (FinCEN) also issued a separate report in July saying that BEC SAR (short for suspicious activity reports) filings have increased from a $110 million monthly average in 2016 to more than $301 million per month during 2018. 

To make sure that employees aren't tricked by BEC scammers, organizations need to implement strict vendor processes for checking and authenticating payment info modifications using multiple methods. This includes face-to-face meetings and/or direct phone calls every time a change to payment information is being discovered.

If you discover that you are a BEC scam victim, you have to immediately reach out to your financial institution "to request a recall of funds and your employer to report irregularities with payroll deposits."

The FBI also suggests to "file a complaint regardless of the amount with www.ic3.gov or, for BEC/EAC victims, BEC.IC3.gov."