Threat Watch

Nigerian Police Force Arrests 11, Disrupts Notorious BEC Criminal Syndicate

On January 19th, INTERPOL announced the arrest by the Nigerian Police Force (NPF) of 11 alleged members of a prolific cybercrime group known as Silver Terrier. The NPF Cybercrime Police Unit worked with INTERPOL and used information provided by private cybersecurity firms Unit 42 and Group-IB, along with investigative work shared by other police agencies across the globe, to identify the key members of the criminal group, which is allegedly responsible for Business Email Compromise (BEC) scams that affected over 50,000 victims.

The criminal operation targeted business email accounts through phishing or credential stuffing to obtain passwords and read private email. The criminal actors then watched inboxes carefully to spot email messages with wire transfer or other payment instructions, and modified the receiving account in the email to trick business financial professionals into transferring the money to a different bank account under the control of a “money mule” associated with the criminal gang. BEC may be considered by some as a low-technology crime that relies more on social engineering than computer hacking, yet it remains one of the most prevalent and costly scams to affect businesses worldwide.

ANALYST NOTES

This arrest, and the international cooperation to take down a BEC criminal group, represents a blow to criminal operations that have operated from Nigeria and other countries in Africa with success and seeming impunity from prosecution. International support of law enforcement action is one part of the necessary response to cybercrime in Africa, but for long-term success, it should be coupled with increased economic opportunities for a technically skilled workforce to find meaningful and legitimate work that contributes to the local economy.

Businesses should prioritize prevention of Business Email Compromise losses by implementing the following policies:
• Employees who handle wire transfers should have their email account access protected by Multi-Factor Authentication (MFA), not a password alone.
• Before wiring any payments over a certain threshold (e.g., $20,000), employees should check the receiving account number against prior payments, note any change, and verify the new account number via phone with the company that is supposed to receive the payment.
• Security personnel should investigate any new email forwarding rules added to any email account, and any unusual logins to email accounts used by financial professionals who handle wire transfers.
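
The third policy above, sketched as detection logic (an added example, not part of the original brief or the INTERPOL announcement): it reviews a time-ordered audit log and flags every new forwarding rule, plus logins by wire-transfer staff from a country not seen before for that account. The log schema, field names, account names and domains are constructed assumptions for illustration.

```python
import json

# Constructed sample audit events in a hypothetical, vendor-neutral schema (time-ordered).
SAMPLE_EVENTS = """
{"ts":"2022-01-10T08:02:11Z","user":"ap.clerk@example.com","action":"login","country":"US"}
{"ts":"2022-01-11T08:05:40Z","user":"ap.clerk@example.com","action":"login","country":"US"}
{"ts":"2022-01-12T02:14:03Z","user":"ap.clerk@example.com","action":"login","country":"XX"}
{"ts":"2022-01-12T02:16:47Z","user":"ap.clerk@example.com","action":"rule_created","forward_to":"ap.clerk.backup@mail.example.net"}
{"ts":"2022-01-12T09:30:00Z","user":"dev@example.com","action":"rule_created","forward_to":"dev-archive@example.com"}
{"ts":"2022-01-12T10:00:00Z","user":"dev@example.com","action":"login","country":"DE"}
"""

FINANCE_USERS = {"ap.clerk@example.com"}   # accounts that handle wire transfers (assumed)
INTERNAL_DOMAINS = {"example.com"}         # the organisation's own mail domains (assumed)


def review_events(lines, finance_users=FINANCE_USERS, internal=INTERNAL_DOMAINS):
    """Return (timestamp, user, reason) findings for an analyst to investigate."""
    seen_countries = {}   # user -> countries seen in that user's earlier logins
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        user = ev["user"].lower()
        if ev["action"] == "rule_created" and ev.get("forward_to"):
            # Every new forwarding rule is reported; the scope label helps triage.
            domain = ev["forward_to"].rsplit("@", 1)[-1].lower()
            scope = "external" if domain not in internal else "internal"
            findings.append((ev["ts"], user, f"new forwarding rule ({scope}) to {ev['forward_to']}"))
        elif ev["action"] == "login" and user in finance_users:
            known = seen_countries.setdefault(user, set())
            # The first login only seeds the baseline; later new countries are flagged.
            if known and ev["country"] not in known:
                findings.append((ev["ts"], user, f"login from new country {ev['country']}"))
            known.add(ev["country"])
    return findings


if __name__ == "__main__":
    for finding in review_events(SAMPLE_EVENTS.splitlines()):
        print(*finding, sep="  ")
```

In the sample, the login from a new country followed two minutes later by an external forwarding rule on the same finance account is the sequence that warrants immediate investigation.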

https://www.interpol.int/en/News-and-Events/News/2022/Nigerian-cybercrime-fraud-11-suspects-arrested-syndicate-busted