Multimillion-Dollar Business Email Fraud Gang Arrested

International law enforcement has disrupted a massive business email compromise gang thought to have targeted hundreds of victim organisations over the past few years. 

The FBI has announced that 65 people were arrested as part of an international law enforcement crackdown on Business Email Compromise (BEC) attackers, which started in September 2021 and lasted three months.  

The US Department of Justice along with international law enforcement partners carried out Operation Eagle Sweep, a name referring to the takedown of the hacking gang, over a three-month period. 

Starting in September 2021, the operation has resulted in the arrests of 65 suspects, including twelve in Nigeria, eight in South Africa, two Toronto residents in Canada and one in Cambodia. Toronto Police Services arrested the duo, who are accused of having tried to divert more than US$16 million from victims across the United States and Canada in cheque fraud and BEC scams.

Operation Eagle Sweep targeted BEC scammers law enforcement believed to be responsible for targeting roughly 500 US victims and causing losses totalling $51 million. 

Among those arrested were Oluwasegun Baiyewu of Houston, Texas, and Leo Omorogieva Eghaghe of Lagos, Nigeria, who are thought to have been involved in an attack on a Puerto Rico-based renewable energy supplier and a $4.5m BEC money laundering conspiracy. 

The operation comes after a number of previous law enforcement tried to curb this type of activity through arrests, including one in 2018 that led to the arrest of 74 suspects worldwide and one in 2019 that resulted in 281 arrests.
Despite BEC being a prevalent type of attack, it continues to cost firms millions with the recently released Internet Crime Complaint Center (IC3) showing that BEC (and email account compromise) victims reported nearly $2.4 billion in losses in 2021. Operation Eagle Sweep follows Operation Wire Wire in 2018 and Operation reWired in 2019, which resulted in the arrests of more than 300 individuals for their suspected involvement in BEC schemes.

The real challenge in defending against this form of attack is that it is difficult to detect. BEC is typically carried out when legitimate business email accounts are compromised through social engineering techniques and used to conduct unauthorised transfers of funds.

ABC13:     Oodaloop:   Infosecurity Magazine:   DUO.com:   Security Week:   ITWorld Canada:     Dark Reading

You Might Also Read: 

Every Employee Should Be Considered A Target:
 

« Cyber Security Lessons From The Ukraine War
Heriot Watt University Knocked Offline For A Week »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Ascentor

Ascentor

Ascentor specialises in independent information and cyber security consultancy. We’re experienced industry experts, providing cyber security services since 2004.

TBG Security

TBG Security

TBG provides a portfolio of services including cyber security, compliance and continuity solutions.

CIO

CIO

CIO provides technology and business leaders with insight and analysis on information technology trends

FlashRouters

FlashRouters

FlashRouters offers DD-WRT compatible router models with improved performance, privacy/security options, and advanced functionality.

Secarma

Secarma

Secarma provides penetration testing, security assessments, consultancy, and training services to ensure your digital infrastructure is secure from cybersecurity threats.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

SoSafe

SoSafe

Modern awareness training that works. With memorable content on all areas of IT security, with measurable learning success and full data protection compliance.

TOAE Security

TOAE Security

TOAE Security is a trusted cyber security consulting partner helping today's leading organizations protect their most important assets from evolving cyber threats.

Naukrigulf

Naukrigulf

Naukrigulf.com is one of the fastest growing job sites in the Gulf, with thousands of registered job seekers and a robust CV database across many sectors, including cybersecurity.

UK Cyber Security Council (UKCSC)

UK Cyber Security Council (UKCSC)

The role of The UK Cyber Security Council is to champion the cybersecurity profession across the UK, provide representation for the industry, accelerate awareness and promote excellence.

BridgingMinds Network

BridgingMinds Network

BridgingMinds Network is an industry leading best practices and IT security training provider in Singapore.

Zokyo

Zokyo

Zokyo is a venture studio that builds, secures, and funds legendary web3/crypto businesses.

Avrem Technologies

Avrem Technologies

Avrem Technologies is a business IT and cybersecurity consulting firm. We design, implement, manage and monitor the networks, servers, computers and software that our clients rely on each day.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

BluSapphire

BluSapphire

BluSapphire is an industry-first, purpose-built, cloud-native, Hybrid XDR platform powered by AI and big data analytics.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.