Business Email Compromise (BEC) , Email Security & Protection , Email Threat Protection

Three Charged in $11 Million BEC Scam

Police Say Cybercriminal Gang Targeted 12 Companies
Three Charged in $11 Million BEC Scam

Spanish authorities say they've arrested three individuals on charges of running a large-scale business email compromise scheme that targeted a dozen companies around the world to steal about €10 million ($11 million).

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

The suspects, who are all residents of Spain, allegedly targeted companies in the U.S., U.K., Belgium, Venezuela, Bulgaria, Norway, Germany, Luxembourg, Portugal and Chile. The three arrested, who range in age from 34 to 67, have been charged with "belonging to a criminal organization, continued scam, money laundering, discovery and disclosure of secrets, documentary falsehood and usurpation of marital status," Spanish authorities say.

None of the three suspects were named by the Guardia Civil, Spain's national police force, which led the investigation.

Over the course of a three-year investigation, dubbed "Lavanco," Spanish investigators uncovered a web of over 80 shell companies and 185 bank accounts used as part of the BEC scam, which allegedly helped the suspects avoid detection and allowed them to launder the any stolen.

BEC on the Rise

Business email compromise scams, also known as CEO fraud, have become big money-makers for fraudsters.

A July report from the U.S. Treasury Department found that the scams are costing U.S. companies a total of more than $300 million a month.

In September, the FBI's Internet Crime Complaint Center noted that global losses and attempted thefts from BEC scams increased by 100 percent over a 14-month period. And the U.K. National Cyber Security Center warned in September that schools and universities are also falling victim to BEC schemes.

How the Scam Worked

Authorities in Spain say the suspects in the BEC scam allegedly began by stealing credentials of managers at targeted companies using phishing emails and then taking over their accounts.

Using these stolen executive email credentials, the suspects allegedly sent fraudulent emails to lower-level employees that requested phony wire transfers. To give the scam another layer of legitimacy, the wire transfers were directed to banks with which the victim companies had previously done business, Spanish authorities say.

The suspects also attached fake invoices that looked legitimate, Spanish police note. The gang would then allegedly launder the money they received through various shell companies and bank accounts, authorities say. They also bought real estate to help launder the stolen funds, police allege.

Police say that so far, they’ve recovered about €1.3 million ($1.4 million) in stolen funds from about 16 bank accounts.

Other Recent BEC Arrests

In another recent global BEC crackdown, 281 suspects were arrested as part of the four-month investigation called "Operation reWired." Most of the arrests were made in Nigeria, but others were arrested in the U.K., Italy, Japan, France and elsewhere (see: Business Email Compromise Crackdown: 281 Suspects Busted).

And in August, the U.S. Justice Department indicted 80 suspects for running a global business email compromise scam that led to millions of dollars in fraud and allegedly involved a complex money-laundering operation (see: 80 Indicted for Scams, Including Business Email Compromises).


About the Author

Apurva Venkat

Apurva Venkat

Special Correspondent

Venkat is special correspondent for Information Security Media Group's global news desk. She has previously worked at companies such as IDG and Business Standard where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.