Police in 20 separate countries arrested 1,003 suspects as part of a sweeping crackdown on digital financial crime from June 2021 to September, including suspected operators of a type of scam called “business email compromise” (BEC), according to Interpol.
Other scams involved in the Interpol-coordinated operation include romance scams, investment fraud, and money laundering. Interpol, which is not a police force but an international organization that coordinates action by police across member countries, said in a press release that the effort resolved nearly 1,660 ongoing investigations and led to the seizure of over 2,350 bank accounts and nearly $27 million in allegedly illicit proceeds.
Interpol wrote the operation, titled HAECHI-II, targeted scams suspected to be linked in some fashion to North Korean operators—such as a “single case in Colombia” that resulted in losses of over $8 million to a “prominent textiles company.” In that case, the operators impersonated legal counsel in order to authorize payments of $16 million to bank accounts in China, with one of the payments going through before the fraud was noticed and reported to Colombian authorities, according to Interpol. Another scam described by Interpol involved a “malware-laden mobile application using the name and branding of the Netflix show Squid Game” that secretly gained access to users’ bank accounts and authorized payments for pricey subscription services.
Interpol wrote its bureaus in Beijing, Bogota, and Hong Kong used the operation as an opportunity to test a new system called the Anti-Money Laundering Rapid Response Protocol (ARRP), a network that fast-tracks police requests to block and intercept suspicious financial transfers. The agency wrote in the statement, “Far from the common notion of online fraud as a relatively low-level and low stakes type of criminality, the results of Operation HAECHI-II show that transnational organized crime groups have been using the Internet to extract millions from their victims before funneling the illicit cash to bank accounts across the globe.”
Business email compromise scams, as defined by the FBI, are effectively just typical email scams and involve tricking an individual with access to a personal or corporate bank account into sending money to the wrong recipient. An example would be a malicious party using email spoofing (impersonation of a legitimate email address) to trick an employee into sending wire payments for fake invoices or reimbursing fake expenses. As ZDNet noted, it’s one of the most common and lucrative types of online fraud, with the FBI estimating in its 2020 Internet Crime Report that BEC accounted for $1.8 billion of $4.2 billion in cybercrime and scam losses to U.S. businesses in 2020.
The operation’s predecessor, HAECHI-I, took place between September 2020 and March 2021 and resulted in 585 arrests, as well as the seizure of over 1,600 bank accounts and over $83 million in allegedly fraudulent proceeds, according to Bleeping Computer. Interpol has advised that scam victims should act immediately to maximize the odds that funds can be recovered before disappearing into the global financial network.
According to the FBI report, agents observed that BEC attacks began becoming more sophisticated in 2013, with hackers routinely attempting to impersonate corporate CEOs or chief financial officers. In 2020, the FBI wrote, there was a marked increase in the number of BEC operators converting the proceeds to cryptocurrency, which has recently become one of the top focuses of global financial watchdogs like the Financial Action Task Force. In October, the Department of Justice launched the National Cryptocurrency Enforcement Team, which is tasked with investigating everything from crypto investment scams and fraudulent exchanges to international money laundering.