Eleven prolific BEC scam suspects arrested in Nigeria

4 months ago 26

SilverTerrier brought to heel

Eleven prolific BEC scam suspects arrested in Nigeria

Eleven alleged members of a prolific cybercrime network have been arrested in Nigeria following a joint operation involving the Nigerian Police Force (NPF) and Interpol.

The suspects, alleged members of the ‘SilverTerrier’ crew, are accused of targeting thousands of organizations worldwide through business email compromise (BEC) scams.

BEC attacks typically involve sending a spoofed email purporting to come from either a senior executive in a targeted organization or a trusted customer. In other cases, hacked email accounts are used to send fraudulent messages.

In either case, recipients are instructed to approve payments and transfer funds into accounts controlled by fraudsters.

Money trail

The 10-day Operation Falcon II campaign that led onto the arrests in mid-December was based on “intelligence provided by Interpol” involving the tracking of fraudulent payments.

News of the arrests of the as-yet unnamed suspected was released this week.

Led by Interpol’s Cybercrime Directorate in Singapore, Operation Falcon II also involved Nigerian law enforcement agencies and threat intel units from cybersecurity firms Group-IB and Palo Alto Networks.

RELATED A guide to spear-phishing – how to protect against targeted attacks


Police reckon the Nigerian fraudsters they arrested may be associated with BEC scams against more than 50,000 targets.

A total of 800,000 potential victim domain credentials were discovered on the laptop of one of the suspects, Interpol said.

Another suspect was said to have been monitoring conversations between 16 companies and their clients – an alleged process of reconnaissance designed to select the optimum time to make fraudulent requests just as genuine transactions were due to take place.

Interpol’s Global Financial Crime Taskforce is coordinating further action against ‘SilverTerrier’ bank accounts and sharing intelligence on the compromised domain credentials of potential victims with member countries to prevent further fraud.

YOU MAY ALSO LIKE VPNLab takedown: Authorities dismantle secure communication tool favored by cybercriminals

Read Entire Article