INTERPOL said it had developed a “global stop payment mechanism” that helped facilitate the largest-ever recovery of funds stolen in a business email compromise (BEC) scam.
This development comes after an unnamed commodity firm based in Singapore fell victim to a BEC scam in mid-July 2024. BEC refers to a type of cybercrime in which an attacker impersonates a trusted person and uses email to trick entities into sending money or disclosing confidential information about the company.
Such attacks can occur in a number of ways, including gaining unauthorized access to a financial officer’s or law firm’s email account to send fake invoices, or impersonating a third-party vendor to send a fake invoice via email.
“On July 15, the firm received an email from a supplier asking them to send an expected payment to a new bank account in Timor-Leste,” Interpol said in a press statement. “However, the email came from a fraudulent account that is slightly different from the vendor’s official email address.”
The Singaporean company is said to have transferred $42.3 million to the fake supplier on July 19, only to realize its mistake on July 23 after the actual supplier said it had not been paid.
However, using Interpol’s Global Rapid Intervention of Payments (I-GRIP) mechanism, Singaporean authorities were able to locate $39 million and freeze the fake bank account a day later.
Separately, seven suspects were arrested in the Southeast Asian country in connection with the scam, leading to a further recovery of $2 million.
Back in June, I-GRIP was used to track and intercept illicit proceeds of fiat and cryptocurrency crimes, successfully recovering millions and intercepting hundreds of thousands of BEC accounts as part of a global police operation called First Light.
“Since its launch in 2022, Interpol’s I-GRIP mechanism has helped law enforcement agencies intercept hundreds of millions of dollars in illicit funds,” the agency said.
“Interpol encourages businesses and individuals to take preventive measures to avoid becoming a victim of business email compromise and other social engineering scams.”
The disclosure comes after law enforcement seized an online digital wallet and cryptocurrency exchange known as Cryptonator for allegedly generating criminal proceeds from computer intrusion and hacking incidents, ransomware scams, various scam markets and identity theft schemes.
Cryptonator, launched in December 2013 by Roman Boss, has also been accused of failing to implement adequate anti-money laundering controls. The US Department of Justice accused Boss of creating and managing the service.
Blockchain specialist TRM Labs said the platform facilitated more than 4 million transactions totaling $1.4 billion, with Boss receiving a small portion of each transaction. This included money exchanged with darknet markets, fraudulent wallet addresses, high-risk exchanges, ransomware groups, crypto theft operations, mixers, and sanctioned addresses.
Specifically, cryptocurrency addresses controlled by Cryptonator transacted with darknet markets, virtual exchanges, and criminal markets such as Bitzlato, Blender, Finiko, Garantex, Hydra, Nobitex, and an unnamed terrorist organization.
“Hackers, darknet market operators, ransomware groups, sanctions evaders, and other threat actors have flocked to the platform for cryptocurrency exchanges as well as crypto-to-fiat conversions,” TRM Labs noted.
Cryptocurrency’s popularity has created many opportunities for fraud, with threat actors constantly developing new ways to drain victims’ wallets over the years.
Indeed, a recent report from Check Point found that fraudsters are abusing legitimate blockchain protocols such as Uniswap and Safe.global to hide their malicious activities and siphon funds from cryptocurrency wallets.
“Attackers use the Uniswap Multicall contract to arrange money transfers from victims’ wallets to their own,” researchers said. “Attackers have been known to use Gnosis Safe’s contracts and framework to trick unsuspecting victims into signing fraudulent transactions.”