BEC Run Out Of Detention Center Nets Millions

Mobile means one can do just about anything by using their device: order food, bank online, read the news … even commit payments fraud, sometimes from the unlikeliest of places.

In Australia, news came that police have charged a quartet of alleged fraudsters with running a business email compromise (BEC) scam. As for the locale: Search warrants, noted by ZDNet, were served on those individuals in an immigration detention center, yielding 16 mobile phones, various SIM cards and a number of electronic storage devices. The scam, which used those devices and deployed email methods, netted more than $3 million in Australian currency. The strike force behind the arrests had been charged by authorities overseeing cybercrime and investigating criminal syndicates focused on identity and email theft.

The arrest came on the heels of an order in the United States earlier this month; Nigerian Emmanual Opara was sentenced in Manhattan federal court for also running BEC scams. He and an accomplice operated from Nigeria, targeting the U.S., New Zealand and a number of other countries. The scams netted an alleged $25 million from 2014 to 2016.

“In this day and age, most companies use electronic accounting systems and pay accounts electronically, which can make them susceptible to business email compromise scams,” said Cybercrime Squad Commander Detective Superintendent Arthur Katsogiannis, according to ZDNet. “We would encourage all businesses to develop systems to combat against scams, including scrutiny of email requests to transfer funds or change account details, and standard procedures to follow to protect against business email compromises.”

The Larger Trends

In terms of data illuminating larger trends, the National Cyber Security Alliance found that roughly 50 percent of smaller firms have been victim of a cyberattack. As many as 70 percent of attacks set their sights on small businesses, said the data.

According to the Idaho State Journal, at a Zions Bank presentation in Idaho earlier this month, Chief Information Security Officer Dean Sapp at Braintrace stated, “The CIS [Center for Internet Security] 20 is my favorite. Over the last 10 to 15 years, the CIS has gathered data about the controls that would significantly reduce the likelihood of a data breach, if implemented. The CIS came out with 20 areas to focus on, and if you are a small business that adopts three or four of these, you have a fighting chance.”

He said that firms should use a two-step verification process and password vaults to create and store passwords.

IBM, according to SecurityIntelligence, also took note of BEC. In one instance, bad actor Ochenetchouwe Adegor Ederaine, Jr. gained access to a real estate lawyer’s email account. By sending fake messages to a buyer, he was able to make off with more than $530,000 in ill-gotten gains, as funds were transferred to bank accounts controlled by Ederaine.

This comes against a backdrop where, from December 2016 to May 2018, the losses tied to such scams have grown by 136 percent. The real estate sector is especially at risk, the FBI noted — from 2015 to 2017, the number of real estate transaction incidents increased by more than 1,110 percent.

In terms of individual fraud cases, in Missouri, a former senior executive for a mental health services provider pleaded guilty to a count of concealing knowledge of a felony. The executive, Keith Noble, had served as chief clinical officer for Preferred Family Healthcare in Springfield.

According to the plea, from 2005 to 2017, Noble was aware of a multi-million-dollar scheme tied to three other executives, who were embezzling money from the nonprofit. Noble personally gained $4.3 million from the nonprofit as well. As part of the scheme, the nonprofit paid unnecessary management fees to another company the conspirators owned, and overpayments allegedly generated income for the fraudsters.