Business email compromise: 23 charged over 'sophisticated' fraud ring

Suspects in the Netherlands, Romania and Ireland arrested following coordinated investigation run by Europol into organised online crime, which sold fictional goods to victims.

Business Email Compromise phishing attacks could be the most costly threat facing your organizations

A sophisticated fraud scheme using compromised emails and advance-payment fraud has been uncovered by authorities. 

The fraud was run by what Europol describes as a "sophisticated" organised crime group that created fake websites and fake email addresses similar to legitimate ones run by retailers and suppliers. Using these fake accounts, the criminals tricked victims into placing orders for goods and requested payment in advance.

ZDNet Recommends

The best cyber insurance

The cyber insurance industry is likely to go mainstream and is a simple cost of doing business. Here are a few options to consider.

Read More

However, there never were any goods, so deliveries never took place – instead the stolen money was laundered through Romanian bank accounts controlled by the criminals before being withdrawn at ATMs. 

SEE: A winning strategy for cybersecurity (ZDNet special report) 

The 23 suspects have been charged following simultaneous raids by police in the Netherlands, Romania and Ireland. They're believed to have defrauded companies in at least 20 countries across Europe and Asia out of a total of €1 million. 

The group is suspected to have been running for several years, offering fictitious items for sale, such as wooden pellets. But last year the group switched how it operated and offered fictional items relating to the COVID-19 pandemic, including protective equipment. 

Europol's European Cybercrime Centre (EC3) aided national investigators in the Netherlands, Romania and Ireland, as well as deploying cybercrime experts to help with raids. 

Business email compromise (BEC) attacks are one of the most lucrative forms of cybercrime for internet fraudsters – in 2019, the FBI listed BEC as the cybercrime with the highest amount of reported losses, accounting for $1.77 billion. Overall, it costs businesses much more than ransomware

SEE: Three billion phishing emails are sent every day. But one change could make life much harder for scammers

To help prevent falling victim to BEC attacks, Europol recommends that people should be wary of unsolicited contact from a seemingly senior official, or requests that don't follow the usual company procedures – especially if the request is supposedly urgent or confidential. 

Organisations can also create barriers against falling victim to BEC attacks by ensuring that wire transfers are subject to approval from multiple people to help increase the chance of fraud being spotted. 

MORE ON CYBERSECURITY