281 Alleged Email Scammers Arrested in Massive Global Sweep

Credit to Author: Lily Hay Newman| Date: Tue, 10 Sep 2019 22:46:55 +0000

The most sweeping takedown yet of so-called BEC scammers involved arrests in nearly a dozen countries.

The Department of Justice today announced the arrest of 281 suspects in connection with email scams and wire transfer fraud. The action is the biggest of its kind yet against this type of digital scammer, and is a strong symbol of law enforcement's sense of urgency in trying to contain a rapidly growing threat.

You're familiar with crimes like this, even if you don't know them by their proper name of "business email compromise" schemes. It involves the coordinated crafting of compelling scam emails that trick employees or vulnerable individuals into sending money, then using strategic mules to wire the funds back to the perpetrators. Such scams have ballooned in recent years, costing victims tens of billions of dollars over time. The DOJ said the new round of arrests took four months to carry out across 10 countries, and resulted in the seizure of almost $3.7 million.

Tuesday's law enforcement initiative, dubbed Operation reWired, involved extensive international coordination to make 167 arrests in Nigeria, 74 in the United States, 18 in Turkey, and 15 in Ghana. The remainder took place in France, Italy, Japan, Kenya, Malaysia, and the United Kingdom. Research and law enforcement investigations have shown that a large proportion of all email scamming originates in West Africa, specifically Nigeria, but the scams have spread, partly because some West African actors have moved around the world.

The operation follows a 2018 email scam enforcement operation known as Wire Wire, in which 74 suspects were arrested around the world. But through international collaboration, law enforcement agencies have increasingly been able to make email scam-related arrests. Just three weeks ago the Department of Justice indicted 80 suspects, largely Nigerian nationals, in relation to a massive alleged email scam and money laundering scheme. Fourteen arrests were made in connection with that case.

The new arrest of 281 suspects involved global coordination among law enforcement agencies. In the US alone, Operation reWired involved the DOJ, the Department of Homeland Security, the Treasury, the State Department, and the Postal Inspection Service.

"The Department of Justice has increased efforts in taking aggressive enforcement action against fraudsters who are targeting American citizens and their businesses in business email compromise schemes and other cyber-enabled financial crimes," Deputy Attorney General Jeffrey Rosen said in a statement on Tuesday. "The coordinated efforts with our domestic and international law enforcement partners around the world has made these most recent actions more successful … Anyone who engages in deceptive practices like this should know they will not go undetected and will be held accountable."

Email scamming has exploded over the past few years as attackers have streamlined, refined, and professionalized their operations. The Federal Bureau of Investigation said Tuesday that between June 2016 and July 2019 there have been more than 166,000 domestic and international reports of email fraud resulting in more than $26 billion in losses. Previously the estimated losses between October 2013 and May 2018 had been more than $12 billion worldwide, meaning losses doubled in roughly the past year. The FBI attributes that uptick both to increased criminal activity and more victims coming forward.

The scams are also ubiquitous. They have been reported in all 50 states and 177 countries, and the FBI notes that fraudulent money transfers associated with the crimes have shown up in at least 140 countries, with the most popular being banks located in China and Hong Kong and increasingly the UK, Mexico, and Turkey.

The scams feel so pervasive in part because they're not always just basic email scams. They encompass a complex web of connections between traditional email scamming, W-2 tax fraud, check fraud, gift card scams, and more involved schemes.

"It's going to be difficult to make a significant impact overall."

Crane Hassold, Agari

For example, employment scammers trick people into submitting their personally identifying information to bogus job listings and then "hire" them for work-from-home jobs. They overpay them for their work, and then ask the victim to wire back the overage before the initial payment goes through. Similar bait-and-switch fraud centers on rentals, lottery tickets, and online car sales. In romance scams, attacks will spend months or even years establishing deceptive romantic relationships with victims online. They'll then not only siphon their target's money directly but use them as middlemen to transmit stolen funds.

The arrest of 281 people suspected of contributing to this scammy ecosystem may seem like it would deal an enormous blow to the activity overall. But digital scams have become big business around the world. It's relatively easy to learn the techniques, since the schemes are all intentionally low-tech and depend fundamentally on classic scams that prey on human biases and emotional and behavioral weaknesses, rather than relying on sophisticated malware or other advanced hacking techniques.

"Will it make a dent? It's really hard to say," says Crane Hassold, senior director of threat research at Agari who previously worked as a digital behavior analyst for the FBI, of the arrests. "There are so many actors doing BEC and other types of social engineering scams—there could be thousands, especially in West Africa—that it's going to be difficult to make a significant impact overall."

https://www.wired.com/category/security/feed/