Suspects alleged to have hijacked email accounts and requested fraudulent transfers
Spanish police have arrested three people over a long-running series of business email compromise (BEC) scams suspected of costing victims an eye-watering $11.9 million.
The three arrested suspects, together with another yet to be arrested suspect, allegedly defrauded 12 companies across 10 countries of €10.7 million through a ruse that relied on them first hacking into the email accounts of senior managers at the victim organizations.
According to a press release posted on the Guardia Civil website this week, the suspects targeted companies based across Europe – in Belgium, Bulgaria, Germany, Norway, Luxembourg, Portugal, and the UK – as well as the US, Chile, and Venezuela.
Hijacked accounts
The scam was the same in each case. The attackers gained access to compromised email accounts of business mangers through phishing before using these hijacked accounts to request subordinates at the same company to make fraudulent transfers to bank accounts controlled by cybercriminals.
To make the fraudulent request more plausible, the cyber-scammers attached fake invoices to the emails featuring counterfeit letterheads.
Read more of the latest cybercrime news from The Daily Swig
The as-yet unnamed suspects face a variety of charges including fraud, money laundering, and racketeering offences.
To launder the money, the suspects allegedly helped to establish a complex financial network of companies and bank accounts. Portions of stolen money were also used to make real estate purchases.
Researchers working on behalf of the authorities are said to have identified a total of 83 companies and 185 bank accounts tied to the scam.
Stolen money was circulated between accounts to make recovery of the stolen funds more difficult.
The Spanish Guardia Civil have nonetheless been able to recover nearly €1.3 million from 16 seized accounts.
The investigation into the case, led by the Guardia Civil, began in 2016 and remains ongoing.
Spanish police have been assisted by Europol and Interpol, as well as that of several foreign police bodies such as the FBI or the German BKA.
YOU MIGHT ALSO LIKE ‘Biggest cyber-swindler in the history of Spain’ suspect arrested