FacebookTwitterLinkedIn

INTERPOL Strikes Back And Recovers $40 Million From BEC Scammers

Karolis Liucveikis Written by on

In a statement released by INTERPOL, it was revealed the international policing agency helped recover 40 million USD stolen from a victim who suffered a Business Email Compromise (BEC) attack.

These are attacks where threat actors compromise an enterprises' email service, then trick employees to pay invoices from suppliers into accounts controlled by the threat actor.

INTERPOL Strikes Back And Recovers $40 Million From BEC Scammers

From 2013 to 2018, a total of 12 billion USD was stolen by threat actors employing this attack methodology. In 2023, according to the FBI IC3 Report, law enforcement received 21,489 BEC complaints with 2.9 billion USD in reported losses due to BEC attacks. These statistics highlight the scale of the problem well.

Regarding the recovery efforts, INTERPOL noted that on July 23, 2024, a commodity firm based in Singapore filed a police report stating that they had fallen victim to a BEC scam. The police report further noted that on July 15, 2024, the firm had received an email from a supplier requesting that a pending payment be sent to a new bank account based in Timor-Leste, an island nation close to Indonesia.

The email came from a fraudulent account, spelled slightly differently from the supplier's official email address. These subtle changes in email addresses are often hard to pick up by employees, who inherently trust that their email servers have not been compromised.

Unfortunately, the firm transferred 42.3 million USD to the fake supplier on July 19. The crime was discovered four days later when the genuine supplier said it had not been paid. Once the police report was received, the Singapore Police Force (SPF) swiftly requested assistance from authorities in Timor-Leste through INTERPOL's Global Rapid Intervention of Payments (I-GRIP).

Through the use of I-GRIP, SPF's Anti-Scam Centre received confirmation that 39 million USD was detected and withheld from the threat actor's bank account in Timor-Leste. A further 2 million USD was recovered by law enforcement following up on the suspects implicated in the scam.

The speed at which I-GRIP can operate makes it vital to recovery efforts previously hampered by the international banking system.

Summarizing INTERPOL's short but effective history of I-GRIP, the statement said,

Since its launch in 2022, INTERPOL’s I-GRIP mechanism has helped law enforcement intercept hundreds of millions of dollars in illicit funds…During its pilot phase, I-GRIP was pivotal in helping several countries recover funds transferred to fraudsters in the early years of the COVID-19 pandemic, including the interception of USD 3.4 million transferred from an Italian company in September 2020 for non-existent medical equipment in Indonesia…In a 2024 INTERPOL operation, police used I-GRIP to intercept USD 331,000 in a business email compromise fraud involving a Spanish victim who transferred money to Hong Kong, China.

Operation First Light

The above is not the only example of INTERPOL's recent successes in combatting the scourge of online cybercrime and scams. In March and May 2024, the international law enforcement agency conducted Operation First Light, which involved 61 countries taking down a variety of online scammers and seizing stolen assets. Approximately 257 million USD was recovered from scammers and online threat actors.

Summarizing the vast operation, Interpol went on to say,

A global police operation spanning 61 countries has delivered a financial blow to online scam networks by freezing 6,745 bank accounts, seizing assets totaling USD 257 million, and disrupting the transnational organized crime networks involved…Targeting phishing, investment fraud, fake online shopping sites, romance and impersonation scams, Operation First Light 2024 led to the arrest of 3,950 suspects and identified 14,643 other possible suspects in all continents…Police collectively intercepted some USD 135 million in fiat currency and USD 2 million in cryptocurrency. Fiat currency, such as the US Dollar, Euro, or Yen, is official currency issued and regulated by governments…Other assets worth over USD 120 million were seized, including real estate, high-end vehicles, expensive jewelry, and many other high-value items and collections.

I-GRIP again played a vital role in helping to recover illicit gains. The system was also shown to be capable of preventing fiat currency and cryptocurrencies, a favored transaction method of cyber criminals and gangs, from reaching threat actor-controlled accounts. Since the system's adoption in 2022, it has helped law enforcement agencies recover approximately 500 million USD.

In March 2024, INTERPOL published its assessment of the current financial fraud landscape. It concluded that technology was facilitating financial fraud to a large extent.

Further, the use of Artificial Intelligence (AI), large language models, and cryptocurrencies combined with phishing and ransomware-as-a-service business models has resulted in more sophisticated and professional fraud campaigns without the need for advanced technical skills and at relatively little cost.

Some of the assessment key findings were as follows:

  • The most prevalent global trends are investment fraud, advance payment fraud, romance fraud, and business email compromise.
  • Financial fraud is most often carried out by a network of co-offenders, varying from highly structured to loosely affiliated.
  • An urgent need to strengthen data collection and analysis to develop more informed and effective counter strategies.

Fortunately, through hard detective work and mechanisms like I-GRIP, INTERPOL can strike back at cyber criminals and online scammers. It is hoped that operations like First Light continue to put pressure on criminals and dent their lucrative earnings potential.

However, INTERPOL did not know that to better combat this epidemic, better and more robust multi-stakeholder and public-private partnerships need to be built to better trace and recover funds lost to financial fraud.

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal

Top Removal Guides
Latest News
Blog