281 people were arrested over a four-month period in the U.S. and in countries around the world as part of Operation reWired, a coordinated effort of multiple law enforcement agencies from several countries, according to Bleeping Computer
“In unraveling this complex, nationwide identity theft and tax fraud scheme, we discovered that the conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, attempting to receive more than $91 million in refunds,” said Chief Don Fort of IRS Criminal Investigation.
Besides the arrests made on U.S. territory, Operation reWired also resulted in 167 arrests in Nigeria, 18 in Turkey, and 15 in Ghana, with a number of others also made in France, Italy, Japan, Kenya, Malaysia, and the UK.
Overall, BEC victims have lost over $1,2 billion during 2018 according to an Internet Crime report published on April 2019 by FBI’s Internet Crime Complaint Center (IC3).
This takedown by the US Department of Justice demonstrates that business email compromise (BEC) is a lucrative cybercrime tactic that is being carried out on a global scale. According to Cofense data gathered in October 2018-March 2019, BEC was the third most common phishing method, compromising 9% of all attacks.
Traditional business email compromise scams typically target accounts payable teams and spoof senior company execs. With many of these scams proving hugely successful, organisations worked hard to raise awareness and technology vendors introduced new defensive capabilities. As a result, towards the end of 2018 the Cofense Phishing Defence Centre observed a shift in tactics. Threat actors posed as ordinary employees to target payroll administrators with a simple request: change payroll bank details, so attackers could help themselves to payroll deposits.
As such, organisations need robust processes in place regarding financial transactions and sensitive updates to employee data. They must also ensure their employees are educated, trained and enabled to stay vigilant to suspicious emails – not just from their bosses, but from colleagues, partners and customers at all levels.
One of the reasons that fraud is becoming increasingly difficult to detect is because of the vast digital transformation initiatives that are generating extremely large volumes of data, making it nearly impossible to monitor and detect fraud using human IT personnel, or even conventional rules-based security solutions.
Recent advances in a range of technologies from big data to machine learning have coalesced to build new approaches to fraud analytics. These types of solutions can detect anomalous behaviours and activities in transaction-intensive environments in real time so that mitigations can be triggered immediately.