Multimillion-Dollar Business Email Fraud Gang Arrested

International law enforcement has disrupted a massive business email compromise gang thought to have targeted hundreds of victim organisations over the past few years. 

The FBI has announced that 65 people were arrested as part of an international law enforcement crackdown on Business Email Compromise (BEC) attackers, which started in September 2021 and lasted three months.  

The US Department of Justice along with international law enforcement partners carried out Operation Eagle Sweep, a name referring to the takedown of the hacking gang, over a three-month period. 

Starting in September 2021, the operation has resulted in the arrests of 65 suspects, including twelve in Nigeria, eight in South Africa, two Toronto residents in Canada and one in Cambodia. Toronto Police Services arrested the duo, who are accused of having tried to divert more than US$16 million from victims across the United States and Canada in cheque fraud and BEC scams.

Operation Eagle Sweep targeted BEC scammers law enforcement believed to be responsible for targeting roughly 500 US victims and causing losses totalling $51 million. 

Among those arrested were Oluwasegun Baiyewu of Houston, Texas, and Leo Omorogieva Eghaghe of Lagos, Nigeria, who are thought to have been involved in an attack on a Puerto Rico-based renewable energy supplier and a $4.5m BEC money laundering conspiracy. 

The operation comes after a number of previous law enforcement tried to curb this type of activity through arrests, including one in 2018 that led to the arrest of 74 suspects worldwide and one in 2019 that resulted in 281 arrests.
Despite BEC being a prevalent type of attack, it continues to cost firms millions with the recently released Internet Crime Complaint Center (IC3) showing that BEC (and email account compromise) victims reported nearly $2.4 billion in losses in 2021. Operation Eagle Sweep follows Operation Wire Wire in 2018 and Operation reWired in 2019, which resulted in the arrests of more than 300 individuals for their suspected involvement in BEC schemes.

The real challenge in defending against this form of attack is that it is difficult to detect. BEC is typically carried out when legitimate business email accounts are compromised through social engineering techniques and used to conduct unauthorised transfers of funds.

ABC13:     Oodaloop:   Infosecurity Magazine:   DUO.com:   Security Week:   ITWorld Canada:     Dark Reading

You Might Also Read: 

Every Employee Should Be Considered A Target:
 

« Cyber Security Lessons From The Ukraine War
Heriot Watt University Knocked Offline For A Week »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Post-Quantum

Post-Quantum

Post-Quantum offer a unique, patented quantum-resistant encryption algorithm that can be applied to existing products and networks.

BrainChip

BrainChip

BrainChip is the leading provider of neuromorphic computing solutions, a type of artificial intelligence that is inspired by the biology of the human neuron - spiking neural networks.

KIOS Center of Excellence (KIOS CoE)

KIOS Center of Excellence (KIOS CoE)

KIOS carries out top level research in the area of Information and Communication Technologies (ICT) with emphasis on the Monitoring, Control and Security of Critical Infrastructures.

Cloudentity

Cloudentity

Cloudentity combines Identity for all things with API and Application security in a unique deployment model, combining cloud-transformation and legacy systems.

Innosphere Ventures

Innosphere Ventures

Innosphere Ventures is Colorado’s leading science and technology incubator, accelerating the success of high-impact startup and scaleup companies.

Kinnami Software

Kinnami Software

Kinnami is a data security company that equips organizations with the tools they need to secure and protect highly confidential documents and data.

Evanssion

Evanssion

Evanssion is a value added distributor specialized in Cloud Native & Cyber Security across Middle East & Africa.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

PreVeil

PreVeil

We started PreVeil to bring radically better security to ordinary business and personal communication and information storage.

Armolon

Armolon

Armolon provides comprehensive data breach and cybersecurity, as well cybersecurity audits and certifications, and disaster recovery/business continuity services to clients.

Bastion Networks

Bastion Networks

Bastion are a security-focussed managed solution provider and consultancy. We work with advanced cyber security vendors to produce managed security solutions to protect from online threats.

Astran

Astran

At Astran, we revolutionize data security by introducing a groundbreaking solution for data confidentiality headaches.

Kusari

Kusari

Securing your software supply chain starts with understanding. Kusari is on a mission to bring transparency to your software supply chain and power secure development.

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.

PDQ

PDQ

PDQ helps IT professionals to manage and organize hardware, software, and configuration data for Windows- and Apple-based devices.

Lumos

Lumos

Lumos, the Unified Access Platform to manage all access to apps and data.