Interpol arrests Nigerian head of BEC fraud gang

Paragraph[German]Interpol, together with the Nigerian police, was able to arrest the head of a BEC (Business Email Compromise) gang. The gang had been targeted by investigators for numerous email scams, and security researchers from Palo Alto Networks and other firms helped Interpol to uncover the group.


Advertising

What is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is a scam in which the individual or group in question gains access to a business email account. The identity of the account holder is then impersonated or misused to defraud the company and its employees or partners. The fraudsters attempt to gain access to company finances and have money transferred to accounts, which is under control of the group.

To do this, an attacker often creates an account with an email address that is nearly identical to a corporate email, relying on a victim to trust the email account. BEC is sometimes referred to as a "man-in-the-email" attack. Behind this scam are transnational criminal organizations that employ lawyers, linguists, hackers, and social engineers.

Silver Terrier head arrested in Nigeria

The Nigerian police cybercrime unit has arrested a 37-year-old Nigerian man in an international operation code-named Delilah that spanned four continents and was coordinated and supported by the recently established Africa Division of the INTERPOL Cybercrime Directorate, according to reports here

The suspect is accused of running a transnational cybercrime syndicate that conducted mass phishing campaigns and compromises of business emails for companies and individuals. Palo Alto Networks/Unit 42 has identified this criminal as part of the SilverTerrier group, a network known for BEC scams that have harmed thousands of businesses worldwide. This arrest is also possible thanks to information and resources from industry partners, including Palo Alto Networks Unit 42.

Investigators began recording and tracking the suspect's alleged malicious online activities with the ad hoc assistance of private company CyberTOOLBELT, as well as tracking his physical movements as he traveled from one country to another. Nigerian law enforcement agencies were able to arrest the suspect at the Murtala Mohammed International Airport in Lagos.


Advertising

"The arrest of this suspected prominent cybercriminal in Nigeria is a testament to the perseverance of our international coalition of law enforcement and INTERPOL private sector partners in combating cybercrime," said Garba Baba Umar, Deputy Inspector General of the Nigerian Police Force, Head of INTERPOL's National Central Office in Nigeria, and Vice President for Africa on INTERPOL's Executive Committee.

Damage from BEC in the millions

BEC remains the most common and costly threat to businesses worldwide. This threat ranked first among cybercriminal acts against businesses for the sixth consecutive year in the FBI's 2021 Internet Crime Complaint Center (IC3) report. In half a decade, global losses have increased from $360 million in 2016 to a staggering $2.3 billion in 2021. Despite these massive losses, industry and global law enforcement continue to make significant strides to thwart these attacks.

This news follows an earlier announcement of Operation Falcon II, which announced the arrest of 11 BEC criminals in January 2022 (see also my blog post Operation Falcon II: Interpol and Nigerian police arrest 11 cybercriminals. What's interesting about today's arrest news – the cybercriminal fled the country before he could be arrested, but with information from partners like Palo Alto Networks/Unit 42, law enforcement was able to arrest the criminal when he returned to Nigeria. Palo Alto released some information in a blog post.  


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).