INTERPOL has declared of having devised a “global payment blocking mechanism” which helped facilitate the largest ever recovery of funds resulting from a business email compromise scam (BEC).
INTERPOL investigation
The development comes after an unidentified Singapore-based commodities firm fell victim to a BEC scam in mid-July 2024. This is a type of cybercrime where a cybercriminal impersonates a trusted figure and uses email to trick victims into sending money or divulging confidential company information.
Such attacks can occur in a variety of ways, including unauthorized access to a finance or law firm employee’s email account to send fake invoices, or impersonating a third-party vendor to send a fake invoice.
“On July 15, the company received an email from a supplier requesting that a pending payment be sent to a new bank account based in East Timor.“, has declared INTERPOL in a press release. “The email, however, came from a fraudulent account with a slight difference from the provider’s official email address..”
The Singaporean firm is believed to have transferred $42.3 million to the non-existent supplier on July 19, only realising the mistake on July 23, when the actual supplier has communicated that it has not been compensated.
However, using INTERPOL’s Global Rapid Intervention of Payments (I-GRIP) mechanism, Singapore authorities managed to detect $39 million and froze the fake bank account a day later.
Separately, seven suspects were arrested in the Southeast Asian nation in connection with the scam, leading to the recovery of an additional $2 million.
INTERPOL and investigations into related operations
In June, I-GRIP was used to track and intercept illicit proceeds from fiat and cryptocurrency crimes, successfully recovering millions of dollars and intercepting hundreds of thousands of BEC accounts as part of a global law enforcement operation called First Light.
“Since its introduction in 2022, INTERPOL’s I-GRIP mechanism has helped law enforcement intercept hundreds of millions of dollars in illicit funds.“, the agency said.
INTERPOL then added: “INTERPOL encourages companies and individuals to take preventive measures to avoid falling victim to business email compromise and other social engineering scams.”
The disclosure follows the seizure by law enforcement of an online digital wallet and cryptocurrency exchange platform known as Cryptonator, accused of receiving criminal proceeds from computer intrusions and hacking, ransomware scams, various fraud markets, and identity theft schemes.
Cryptonator, launched in December 2013 by Roman Boss, has also been accused of failing to establish adequate anti-money laundering controls. The U.S. Department of Justice has indicted Boss for founding and operating the service.
Blockchain intelligence firm TRM Labs said the platform facilitated more than 4 million transactions totaling $1.4 billion, with Boss taking a small percentage of each transaction and This included money traded via darknet markets, scam wallet addresses, high-risk exchanges, ransomware groups, cryptocurrency theft operations, mixers, and sanctioned addresses.
In particular, cryptocurrency addresses controlled by Cryptonator have transacted with darknet markets, virtual exchanges, and criminal marketplaces such as Bitzlato, Blender, Finiko, Garantex, Hydra, Nobitex and an unidentified terrorist entity.
“Hackers, darknet market operators, ransomware groups, sanctions evaders and other bad actors have approached the platform to trade cryptocurrencies and convert crypto into fiat currency,” has said TRM Labs.
The popularity of cryptocurrencies has created many opportunities for fraud, with malicious people constantly inventing new ways to empty victims’ wallets over the years.
In fact, a recent report from Check Point found that scammers are abusing legitimate blockchain protocols like Uniswap and Safe.global to hide their malicious activities and steal funds from cryptocurrency wallets.
“The researchers said that the attackers exploit Uniswap’s Multicall contract to orchestrate fund transfers from victims’ wallets to their own.,” the researchers said. “Attackers are known to use Gnosis Safe contracts and framework, tricking unwitting victims into signing fraudulent transactions.”
#INTERPOL #Recovers #Million #Fraud