Cybercrime has been punched in the face. Ethical hacking specialists report that the FBI has commanded an international operation that led to the arrest of more than 200 persons involved in a scam via emails that have spawned large economic losses for the victims.
According to experts in ethical hacking, a few months ago the FBI’s Internet Crime Complaint Center (IC3) disclosed that the attempted email fraud, a practice known as Business Email Compromise (BEC), increased 100% over the past year, as well as economic losses arising from this activity.
Through Operation reWired, authorities managed to arrest a total of 281 suspects; 167 of these arrests occurred in Nigeria, which for years has become a kind of hub for such campaigns. In addition, 74 of these arrests occurred in the U.S., 18 in Turkey, 15 in Ghana, and a few others in Japan, the United Kingdom, Italy, France and Malaysia.
Ethical hacking specialists claim that, despite being widely known, such scams continue to generate profits for the operators of malicious campaigns. “Although there are multiple variables to exploit, in most cases attackers try to deceive employees of the target company, posing as suppliers or government agencies to get money transfers,” the experts said.
At the conclusion of the operation, the U.S. Department of Justice (DOJ) described the development of one of these campaigns. Two of the people arrested in the U.S., Brittney Stokes and Kenneth Ninalowo, were charged with scamming staff in a community college in Illinois for more than $3M USD. Three years ago, the university had to cover a payment to a construction company, so it received an email, allegedly sent from the Minneapolis-based construction company.
The message asked the university to update its information in the Automated Clearing House electronic payment system. After doing so, the company sent the agreed payment to a new account operated by the criminals, from where the payment was divided into checks of less than $10k USD that were sent to multiple companies.
However, Bank of America detected this activity, froze the criminals’ bank account, and returned most of the money to the university. The bank detected that one of the checks was sent to Steno Logistics, a company created just a few days before the university began receiving these emails, which helped authorities arrest the suspects. Those arrested have also been charged with fraud against an electrical power supplier, whose name was not disclosed by the DOJ, in December 2017.
An important element in preventing such attacks is attention to detail. International Institute of Cyber Security (IICS) ethical hacking specialists recommend verifying the legitimacy of a website or email address, making phone calls to confirm electronic transactions, and implementing email spam filters to prevent such scams.