Over One Hundred Arrests In Business Email Compromise Swoop

European police have released details of two major operations against business email compromise (BEC) fraudsters, which resulted in the arrest of 106 suspects, mostly from Spain and Italy. Operation Wine Cellar and Operation Theatre were carried out in November 2021 but are only now being made public due to operational reasons.

The arrests were made following two complex fraud cases in which security forces identified an organised crime group targeting state-owned companies. The scheme defrauded 94 organisations in this way, racking up profits of €2.8m. 

The criminals used a “sophisticated money laundering infrastructure” to obfuscate the flow of proceeds from these crimes and hamper investigator efforts to track it down. Europol, which provided support to the Hungarian authorities during the operations said. “The criminals would impersonate a service company to inform their victims that the service company now had a new bank account to which the payments for the provided services should be sent.” 

This large criminal network was very well organised in a pyramid structure, which included different specialised areas and roles. Among the members of the criminal group were computer experts, who created the phishing domains and carried out the cyber fraud; recruiters and organisers of the money muling; and money laundering experts, including experts in crypto currencies. 

Europol money laundering specialists and economic analysts were sent to Hungary to help investigators with house searches and forensic assessment of seized gadgets.

The police campaigns have been named Operation Wine Cellar and Operation Theatre and were carried out by the Anti-Economic Crime Department of the Budapest Metropolitan Police and Europol’s European Financial and Economic Crime Centre assisted in the operations. 

The fraudsters leveraged fake invoices to achieve their financial goals, impersonating a service company to trick victims into thinking that they owed the service money via a new bank account. Using this technique, the scheme was successful in defrauding 94 organisations, resulting in millions of dollars in profit.

BEC has been the highest-earning cyber crime type for threat actors for a number of years and in 2021 the losses for victims were almost $2.5 billion.

Europol:    Scammer Info:     Oodaloop:     Infosecurity Magazine:   Cybersecurity News:    Security Week:

You Might Also Read: 

Online Con Tricks Senior Executives Out of Millions:

 

« Why A Managed Security Service Provider Should Be On Your Cyber Roadmap
For Sale: 5.4m Twitter Users’ Data »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Dataguise

Dataguise

Dataguise provides a data-centric security solution to detect, protect, and monitor sensitive data in real time across all data repositories, both on premises and in the cloud.

Detack

Detack

Detack is an independent supplier of IT security auditing and consulting services.

TechDefence Labs

TechDefence Labs

TechDefence Labs provide pentesting and security assessment services for networks, web apps, mobile apps and source code reviews.

Jamcracker

Jamcracker

Jamcracker is a cloud services management and cloud governance solutions company, with more than a decade of experience providing industry leading software and services.

ZenMate

ZenMate

ZenMate is a Virtual Private Network services provider offering secure encrypted access to the internet.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

Upfort

Upfort

Upfort (formerly Paladin Cyber) unifies award-winning security and robust cyber insurance to deliver comprehensive cyber risk solutions.

BTblock

BTblock

Blockchain and cybersecurity is a vital combination for Enterprise success. BTblock is a Force Multiplier for its clients.

Cegeka

Cegeka

Cegeka is a family-owned IT company providing end-to-end IT solutions, services & consultancy.

Aleo

Aleo

Aleo is building the world's leading developer platform for enabling absolute privacy on blockchains.

IPKeys Cyber Partners

IPKeys Cyber Partners

IPKeys Cyber Partners, together with the IPKeys Power Partners unit, provide Cyber Security and CIP Compliance for utilities, grid operators and public safety organization across the USA.

Purple Team

Purple Team

Purple Team is an expert cybersecurity and managed security service provider focused on arming your IT infrastructure with both red team and blue team services.

ActiveFence

ActiveFence

ActiveFence enables Trust & Safety teams to be proactive about online integrity so they can keep their users safe from online harm – across content formats, languages, and abuse areas.

Theta

Theta

Theta is a New Zealand owned technology consultancy. Our team of over 330 experienced professionals help organisations transform with technology.