Business email compromise: 23 charged over 'sophisticated' fraud ring
A sophisticated fraud scheme using compromised emails and advance-payment fraud has been uncovered by authorities.
The fraud was run by what Europol describes as a "sophisticated" organised crime group that created fake websites and fake email addresses similar to legitimate ones run by retailers and suppliers. Using these fake accounts, the criminals tricked victims into placing orders for goods and requested payment in advance.
However, there never were any goods, so deliveries never took place – instead the stolen money was laundered through Romanian bank accounts controlled by the criminals before being withdrawn at ATMs.
SEE: A winning strategy for cybersecurity (ZDNet special report)
The 23 suspects have been charged following simultaneous raids by police in the Netherlands, Romania and Ireland. They're believed to have defrauded companies in at least 20 countries across Europe and Asia out of a total of €1 million.
The group is suspected to have been running for several years, offering fictitious items for sale, such as wooden pellets. But last year the group switched how it operated and offered fictional items relating to the COVID-19 pandemic, including protective equipment.
Europol's European Cybercrime Centre (EC3) aided national investigators in the Netherlands, Romania and Ireland, as well as deploying cybercrime experts to help with raids.
Business email compromise (BEC) attacks are one of the most lucrative forms of cybercrime for internet fraudsters – in 2019, the FBI listed BEC as the cybercrime with the highest amount of reported losses, accounting for $1.77 billion. Overall, it costs businesses much more than ransomware.
To help prevent falling victim to BEC attacks, Europol recommends that people should be wary of unsolicited contact from a seemingly senior official, or requests that don't follow the usual company procedures – especially if the request is supposedly urgent or confidential.
Organisations can also create barriers against falling victim to BEC attacks by ensuring that wire transfers are subject to approval from multiple people to help increase the chance of fraud being spotted.
MORE ON CYBERSECURITY
- Phishing scams: The new hotspots for fraud gangs
- Texas resident jailed for role in $2.2 million romance, business email scams
- No, you can't buy a COVID vaccine online, so ignore that ad, text or email
- Phishing scams are costing us more than ever. This trick is most likely to catch you out
- Phishing attacks: This sophisticated new group has been operating undiscovered for at least a year