A sophisticated fraud scheme using compromised emails and advance-payment fraud has been uncovered by authorities. 

The fraud was run by what Europol describes as a “sophisticated” organised crime group which created fake websites and fake email addresses similar to legitimate ones run by retailers and suppliers. Using these fake accounts, the criminals tricked victims into placing orders for goods and requested payment in advance.

However, there never were any goods, so deliveries never took place – instead the stolen money was laundered through Romanian bank accounts controlled by the criminals before being withdrawn at ATMs. 

The 23 suspects have been charged following simultaneous raids by police in the Netherlands, Romania and Ireland. They’re believed to have defrauded companies in at least 20 countries across Europe and Asia out of a total of €1 million. 

The group is suspected to have been running for several years, offering fictitious items for sale, such as wooden pellets. But last year the group switched how it operated and offered fictional items relating to the COVID-19 pandemic, including protective equipment. 

Europol’s European Cybercrime Centre (EC3) aided national investigators in the Netherlands, Romania and Ireland, as well as deploying cyber crime experts to help with raids. 

Business Email Compromise attacks are one of the most lucrative forms of cyber crime for internet fraudsters – in 2019, the FBI listed BEC as the cyber crime with the highest amount of reported losses, accounting for $1.77 billion. Overall, it costs businesses much more than ransomware.

To help prevent falling victim to Business Email Compromise attacks, Europol recommends that people should be wary of unsolicited contact from a seemingly senior official, or requests which don’t follow the usual company procedures – especially if the request is supposedly urgent or confidential. 

Organisations can also create barriers against falling victim to BEC by ensuring that wire transfers are subject to approval from multiple people to help increase the chance of fraud being spotted. 
