INTERPOL said it devised a “global stop-payment mechanism” that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise (BEC) scam.
The development comes after an unnamed commodity firm based in Singapore fell victim to a BEC scam in mid-July 2024. It refers to a type of cybercrime where a malicious actor poses as a trusted figure and uses email to trick targets into sending money or divulging confidential company information.
Such attacks can take place in myriad ways, including gaining unauthorized access to a finance employee or a law firm’s email account to send fake invoices or impersonating a third-party vendor to email a phony bill.
“On 15 July, the firm had received an email from a supplier requesting that a pending payment be sent to a new bank account based in Timor-Leste,” INTERPOL said in a press statement. “The email, however, came from a fraudulent account spelled slightly different to the supplier’s official email address.”
The Singaporean company is said to have transferred $42.3 million to the non-existent supplier on July 19, only for it to realize the blunder on July 23 after the actual supplier said it had not been compensated.
However, by taking advantage of INTERPOL’s Global Rapid Intervention of Payments (I-GRIP) mechanism, authorities in Singapore managed to detect $39 million and froze the counterfeit bank account a day later.
Separately, seven suspects have been arrested in the Southeast Asian nation in connection with the scam, leading to the further recovery of $2 million.
Back in June, I-GRIP was used to trace and intercept the illicit proceeds stemming from fiat and cryptocurrency crime, successfully recovering millions and intercepting hundreds of thousands of BEC accounts as part of a global police operation named First Light.
“Since its launch in 2022, INTERPOL’s I-GRIP mechanism has helped law enforcement intercept hundreds of millions of dollars in illicit funds,” the agency said.
“INTERPOL is encouraging businesses and individuals to take preventative steps to avoid falling victim to business email compromise and other social engineering scams.”
The disclosure follows the law enforcement seizure of an online digital wallet and cryptocurrency exchange known as Cryptonator for allegedly receiving criminal proceeds of computer intrusions and hacking incidents, ransomware scams, various fraud markets, and identity theft schemes.
Cryptonator, launched in December 2013 by Roman Boss, has also been accused of failing to institute appropriate anti-money laundering controls in place. The U.S. Justice Department indicted Boss for founding and operating the service.
Blockchain intelligence firm TRM Labs said the platform facilitated more than 4 million transactions worth a total of $1.4 billion, with Boss taking a small cut from each transaction. This comprised money exchanged with darknet markets, scam wallet addresses, high-risk exchanges, ransomware groups, crypto theft operations, mixers, and sanctioned addresses.
Specifically, cryptocurrency addresses controlled by Cryptonator transacted with darknet markets, virtual exchanges, and criminal marketplaces like Bitzlato, Blender, Finiko, Garantex, Hydra, Nobitex, and an unnamed terrorist entity.
“Hackers, darknet market operators, ransomware groups, sanctions evaders and others threat actors gravitated to the platform to exchange cryptocurrencies as well as cash out crypto into fiat currency,” TRM Labs noted.
The popularity of cryptocurrency has created plenty of opportunities for fraud, with threat actors constantly devising new ways to drain victims’ wallets over the years.
Indeed, a recent report from Check Point found that fraudsters are abusing legitimate blockchain protocols like Uniswap and Safe.global to conceal their malicious activities and siphon funds from cryptocurrency wallets.
“Attackers leverage the Uniswap Multicall contract to orchestrate fund transfers from victims’ wallets to their own,” researchers said. “Attackers have been known to use the Gnosis Safe contracts and framework, coaxing unsuspecting victims into signing off on fraudulent transactions.”