You have probably heard of CEO frauds, where somebody sends a message that looks like it comes from the company’s CEO, instructing a member of the finance team to make an urgent payment to a supplier. When the dust settles it becomes clear that the message was not written by the CEO and the recipient bank account does not belong to any supplier. This is just one of many scams that can be conducted by email collectively known as ‘business email compromise’ schemes. The category is of growing significance to law enforcement, as illustrated by a recent US operation which led to 74 arrests. Per the announcement made by the US Department of Justice (DoJ):
Federal authorities announced today a significant coordinated effort to disrupt Business Email Compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals, including many senior citizens. Operation Wire Wire, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury and the U.S. Postal Inspection Service, was conducted over a six month period, culminating in over two weeks of intensified law enforcement activity resulting in 74 arrests in the United States and overseas, including 29 in Nigeria, and three in Canada, Mauritius and Poland. The operation also resulted in the seizure of nearly $2.4 million, and the disruption and recovery of approximately $14 million in fraudulent wire transfers.
The DoJ provided some examples of the scams:
…Gloria Okolie and Paul Aisosa, both Nigerian nationals residing in Dallas, Texas, were charged in an indictment filed on June 6 in the Southern District of Georgia. According to the indictment, they are alleged to have victimized a real estate closing attorney by sending the lawyer a spoofing email posing as the seller and requesting that proceeds of a real estate sale in the amount of $246,000 be wired to Okolie’s account. They are charged with laundering approximately $665,000 in illicit funds. The attorney experienced $130,000 in losses after the bank was notified of the fraud and froze $116,000.
…a 25-year-old Fort Lauderdale, Florida man was indicted in federal court in Boston on June 6 on one count of money laundering conspiracy. According to the indictment, the individual was part of a conspiracy that engaged in wire fraud. It is alleged that in early 2018, the defendant’s co-conspirators gained access to email accounts belonging to a Massachusetts real estate attorney and sent emails to recipients in Massachusetts that “spoofed” the real estate attorney’s account in an attempt to cause the email recipient to transfer nearly $500,000, which was intended to be used for payment in connection with a real estate transaction, to a shell account belonging to a money mule recruited and controlled by the defendant.
Scams like these are associated with Nigeria but now occur worldwide. They all exploit the poor security surrounding email and the fact that on the internet, nobody knows you’re a dog. There will always be gullible people in the world, so perhaps the comms industry needs to better collaborate on the security of email, so those receiving messages can be more confident about who sent them.