Suspects alleged to have hijacked email accounts and requested fraudulent transfers

Three suspects have been arrested in relation to a multimillion-euro cybercrime scam

Spanish police have arrested three people over a long-running series of business email compromise (BEC) scams suspected of costing victims an eye-watering $11.9 million.

The three arrested suspects, together with another yet to be arrested suspect, allegedly defrauded 12 companies across 10 countries of €10.7 million through a ruse that relied on them first hacking into the email accounts of senior managers at the victim organizations.

According to a press release posted on the Guardia Civil website this week, the suspects targeted companies based across Europe – in Belgium, Bulgaria, Germany, Norway, Luxembourg, Portugal, and the UK – as well as the US, Chile, and Venezuela.

Hijacked accounts

The scam was the same in each case. The attackers gained access to compromised email accounts of business mangers through phishing before using these hijacked accounts to request subordinates at the same company to make fraudulent transfers to bank accounts controlled by cybercriminals.

To make the fraudulent request more plausible, the cyber-scammers attached fake invoices to the emails featuring counterfeit letterheads.

Read more of the latest cybercrime news from The Daily Swig

The as-yet unnamed suspects face a variety of charges including fraud, money laundering, and racketeering offences.

To launder the money, the suspects allegedly helped to establish a complex financial network of companies and bank accounts. Portions of stolen money were also used to make real estate purchases.

The suspects allegedly defrauded 12 companies out of more than €10 million

Researchers working on behalf of the authorities are said to have identified a total of 83 companies and 185 bank accounts tied to the scam.

Stolen money was circulated between accounts to make recovery of the stolen funds more difficult.

The Spanish Guardia Civil have nonetheless been able to recover nearly €1.3 million from 16 seized accounts.

The investigation into the case, led by the Guardia Civil, began in 2016 and remains ongoing.

Spanish police have been assisted by Europol and Interpol, as well as that of several foreign police bodies such as the FBI or the German BKA.

YOU MIGHT ALSO LIKE ‘Biggest cyber-swindler in the history of Spain’ suspect arrested