Interpol arrests 11 BEC gang members linked to 50,000 targets

In coordination with the Nigerian Police Force, Interpol has arrested 11 individuals suspected of participating in an international BEC (business email compromise) ring.

BEC is a type of attack conducted via email involving the spear-phishing of certain company employees responsible for approving payments to contractors, suppliers, etc.

By impersonating a coworker, a supervisor, or a client/supplier, BEC actors manage to divert payments to their bank accounts, essentially stealing them from the targeted company.

In the latest Interpol operation codenamed 'Falcon II,' which unfolded between December 12 and 22, 2021, the police followed leads provided by cyber-intelligence firms Group-IB and Palo Alto Networks' Unit 42 to arrest suspects in Lagos and Asaba.

Members of the TMT gang

According to the forensic investigation and the evidence collected so far, Interpol believes that at least some of the arrested individuals belong to the BEC gang known as TMT (aka SilverTerrier).

This is the second blow for the particular group after Interpol arrested more of their members in the context of 'Falcon I' back in 2020.

"This preliminary analysis indicates that the suspects' collective involvement in BEC criminal schemes may be associated with more than 50,000 targets," details Interpol's announcement.

"One of the arrested suspects was in possession of more than 800,000 potential victim domain credentials on his laptop."

"Another suspect had been monitoring conversations between 16 companies and their clients and diverting funds to 'SilverTerrier' whenever company transactions were about to be made."

Hiding behind banks

BEC scammers cannot siphon funds in the form of untraceable cryptocurrencies, so the only way for them to hide is by moving the stolen amounts around, attempting to obscure the money trace.

Unfortunately, many banks, especially in countries where weak money laundering regulations apply, insist on protecting their clients' identities and refuse to revert transactions that were part of payment diversion fraud acts.

However, the international collaboration and information exchange between law enforcement and intelligence agencies worldwide make it increasingly challenging for BEC actors to remain hidden.

How to defend against BEC

When requested to send money or to change to conduct all payments to a new bank, you may pick up the phone and call the supplier/colleague to confirm it.

For this, use the phone number you have confirmed to be valid in past communications and not any new numbers provided in the email.

To protect your email account from takeover, enable multi-factor authentication along with a strong and unique password.

Organizations should also secure their domain from spoofing by registering potential domain typo-squatting candidates and instructing employees not to over-share business information online.