Multimillion-Dollar Business Email Fraud Gang Arrested

International law enforcement has disrupted a massive business email compromise gang thought to have targeted hundreds of victim organisations over the past few years. 

The FBI has announced that 65 people were arrested as part of an international law enforcement crackdown on Business Email Compromise (BEC) attackers, which started in September 2021 and lasted three months.  

The US Department of Justice along with international law enforcement partners carried out Operation Eagle Sweep, a name referring to the takedown of the hacking gang, over a three-month period. 

Starting in September 2021, the operation has resulted in the arrests of 65 suspects, including twelve in Nigeria, eight in South Africa, two Toronto residents in Canada and one in Cambodia. Toronto Police Services arrested the duo, who are accused of having tried to divert more than US$16 million from victims across the United States and Canada in cheque fraud and BEC scams.

Operation Eagle Sweep targeted BEC scammers law enforcement believed to be responsible for targeting roughly 500 US victims and causing losses totalling $51 million. 

Among those arrested were Oluwasegun Baiyewu of Houston, Texas, and Leo Omorogieva Eghaghe of Lagos, Nigeria, who are thought to have been involved in an attack on a Puerto Rico-based renewable energy supplier and a $4.5m BEC money laundering conspiracy. 

The operation comes after a number of previous law enforcement tried to curb this type of activity through arrests, including one in 2018 that led to the arrest of 74 suspects worldwide and one in 2019 that resulted in 281 arrests.
Despite BEC being a prevalent type of attack, it continues to cost firms millions with the recently released Internet Crime Complaint Center (IC3) showing that BEC (and email account compromise) victims reported nearly $2.4 billion in losses in 2021. Operation Eagle Sweep follows Operation Wire Wire in 2018 and Operation reWired in 2019, which resulted in the arrests of more than 300 individuals for their suspected involvement in BEC schemes.

The real challenge in defending against this form of attack is that it is difficult to detect. BEC is typically carried out when legitimate business email accounts are compromised through social engineering techniques and used to conduct unauthorised transfers of funds.

ABC13:     Oodaloop:   Infosecurity Magazine:   DUO.com:   Security Week:   ITWorld Canada:     Dark Reading

You Might Also Read: 

Every Employee Should Be Considered A Target:
 

« Cyber Security Lessons From The Ukraine War
Heriot Watt University Knocked Offline For A Week »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

International Telecommunication Union (ITU)

International Telecommunication Union (ITU)

ITU is the United Nations specialized agency for information and communication technologies – ICTs. Areas of activity include cybersecurity.

PSC

PSC

PSC is a leading PCI and PA DSS assessor and Approved Scanning Vendor.

NRD Cyber Security

NRD Cyber Security

NRD Cyber Security is a cyber security technology consulting, incident response and applied research company.

Cybraics

Cybraics

Cybraics nLighten platform implements a unique and sophisticated artificial intelligence engine that rapidly learns your environment and alerts security teams to threats and vulnerabilities.

BlackBerry Security Services

BlackBerry Security Services

Blackberry provides intelligent security software and services to enterprises and governments around the world.

Telecommunications Industry Association (TIA)

Telecommunications Industry Association (TIA)

TIA works to secure trust in networks by advocating public policy positions on the security of ICT equipment and services related to critical infrastructure, supply chain and information sharing.

macmon secure

macmon secure

macmon secure develops network security software, focussing on Network Access Control.

Trapmine

Trapmine

TRAPMINE is an innovative cybersecurity products company mainly focusing on protecting organizations from Advanced Persistent Threat & Zero-Day attacks.

TrustMAPP

TrustMAPP

TrustMAPP automates cybersecurity & privacy assessments, with universal workflow, allowing teams to generate analytics and recommendations to align priorities for improvement.

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.

Polestar Industrial IT

Polestar Industrial IT

Polestar work on both sides of the IT & OT divide. Network, Data & Asset Security is our priority. Polestar installations are robust and resilient and comply with the appropriate security.

Abacus Group

Abacus Group

Abacus Group is a global IT services firm for alternative investment firms, providing an enterprise technology platform specifically designed to meet the unique needs of financial services.

Willyama Services

Willyama Services

Willyama Services is a certified Information Technology and Cybersecurity professional services business providing services to government and private sector clients.

SecureTeam

SecureTeam

SecureTeam are a UK-based information security practice, specialising in all areas of cybersecurity.

Judy Security

Judy Security

Judy provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.