The alleged head of an international network responsible for compromising the email accounts of businesses across the world and then using them to scam victims out of a total of $60m has been arrested by Interpol.
Known as 'Mike', the 40 year-old Nigerian national behind the scams is suspected of deceiving thousands of victims, with one target of scam being conned out of $15.4m.
'The suspect headed a network of cybercriminals and hackers across Nigeria, Malaysia, and South Africa who used malware to compromise the accounts of small and medium-sized businesses then use the hijacked accounts -- including those of executives -- to carry out cyber fraud," Interpol said.
Organisations in Australia, Canada, India, Malaysia, Romania, South Africa, Thailand, and the US all had their email accounts compromised by the cybercriminal gang, which then used trust in emails from the hacked business to trick unsuspecting victims into transferring them money for items and services they would never receive.
The man accused of leading the operation was arrested in Port Harcourt, Nigeria, following collaboration between Interpol, the Nigerian Economic and Financial Crime Commission (EFCC), using intelligence provided by cybersecurity firms Trend Micro and Fortinet.
Working with the Interpol Digital Crime Centre, Trend Micro -- which has been sharing threat information with the global police since 2014 -- and Fortinet were able to help locate the suspect in Nigeria, which then led to his arrest in June.
Following the arrest, a forensic examination of seized devices showed that he'd been involved in a range of cybercrime activities, with two main schemes that used the compromised business email accounts, the agency said.
Firstly, the gang took part in payment diversion fraud, where a supplier's email was compromised and used to send fake messages to the buyer, asking for payments to a bank account under criminal control.
The gang also engaged in CEO fraud, hacking email accounts of executives, and then using their privileges to request money be transferred, with the funds ending up in a bank account operated by the fraudsters.
In total, victims were scammed out of over $60m, which was laundered through accounts in China, Europe, and the US in order to avoid detection. According to Interpol, business email fraud represents a significant growing threat with tens of thousands of companies having fallen victim in recent years.
"The public, and especially businesses, need to be alert to this type of cyber-enabled fraud," said Noboru Nakatani, executive director of the Interpol Global Complex for Innovation.
"Basic security protocols such as two-factor authentication and verification by other means before making a money transfer are essential to reduce the risk of falling victim to these scams," he added.
'Mike' and another suspect arrested in Nigeria face charges of hacking, conspiracy, and obtaining money under false pretences. Both are currently on bail as the investigation continues.