Police in 10 countries have arrested 281 people as part of a “significant coordinated effort” by US authorities to dent business email compromise (BEC) scams.
The biggest portion of the arrests - 167 - were made in Nigeria, though 74 alleged fraudsters were picked up in the United States.
In addition, there were 18 arrests in Turkey, 15 in Ghana, and the remainder made in “France, Italy, Japan, Kenya, Malaysia, and the United Kingdom (UK)”, the US Department of Justice said.
The BEC scammers mostly targeted employees of companies that worked with foreign suppliers and/or performed international wire transfer payments.
“BEC scams may involve fraudulent requests for checks rather than wire transfers; they may target sensitive information such as personally identifiable information (PII) or employee tax records instead of, or in addition to, money; and they may not involve an actual “compromise” of an email account or computer network,” the department said.
“Foreign citizens perpetrate many BEC scams. Those individuals are often members of transnational criminal organisations, which originated in Nigeria but have spread throughout the world.”
A range of US authorities led the investigation, including the FBI, more than two dozen US Attorney’s Offices, US Secret Service, US Postal Inspection Service, Homeland Security Investigations, IRS Criminal Investigation, and US Department of State’s Diplomatic Security Service.
Unnamed “private sector partners”, as well as international policing authorities, also contributed to the investigation.
“In unraveling this complex, nationwide identity theft and tax fraud scheme, we discovered that the conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, attempting to receive more than US$91 million in refunds,” said chief Don Fort of IRS Criminal Investigation.
“We will continue to work with our international, federal and state partners to pursue all those responsible for perpetrating this fraud, preying on innocent victims and attempting to cheat the US out of millions of dollars.”
According to the Internet Crime Complaint Center (IC3), nearly US$1.3 billion in loss was reported in 2018 from BEC and its variant, Email Account Compromise (EAC).
This was “nearly twice as much as was reported the prior year”, the Justice department said.
The investigation was codenamed “Operation reWired” and came after “Operation Wire Wire,” which saw the arrest of 74 individuals allegedly involved in BEC scams last year.