Saturday, September 7, 2024
HomeCyber Security NewsAuthorities have Uncovered USD 40 Million from Hackers

Authorities have Uncovered USD 40 Million from Hackers

Published on

Singapore authorities have successfully intercepted and reclaimed over USD 40 million defrauded in a sophisticated business email compromise (BEC) scam.

The operation, facilitated by INTERPOL’s Global Rapid Intervention of Payments (I-GRIP) mechanism, marks the largest-ever recovery of fraudulently obtained funds in Singapore’s history.

The Scam Unveiled

On 23 July 2024, a commodity firm based in Singapore reported falling victim to a BEC scam.

- Advertisement - EHA

The scammer had impersonated a supplier, sending an email from a slightly altered email address and requesting a pending payment be sent to a new bank account in Timor Leste.

Unaware of the deception, the firm transferred USD 42.3 million on 19 July. The fraud was discovered four days later when the genuine supplier reported not receiving the payment.

Upon receiving the police report, the Singapore Police Force (SPF) immediately sought assistance from INTERPOL.

The I-GRIP mechanism utilizes INTERPOL’s 196-country network, and the SPF coordinated with Timor Leste authorities to intercept the fraudulent transaction.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

Swift Action and Arrests

On 25 July, the SPF’s Anti-Scam Centre confirmed the detection and withholding of USD 39 million from the fraudulent account in Timor Leste.

Further investigations led to the arrest of seven suspects and an additional USD 2 million recovery. Efforts are underway to return the stolen funds to the victimized firm in Singapore.

Isaac Oginni, Director of INTERPOL’s Financial Crime and Anti-Corruption Centre (IFCACC), emphasized the importance of rapid response in such cases.

“Speed is crucial to successfully intercepting the proceeds of online scams. The cooperation between authorities in Singapore and Timor Leste in this case was exemplary,” Oginni stated.

David Chew, Director of the SPF’s Commercial Affairs Department, highlighted the global nature of scams and the necessity for international cooperation.

“Scams are a global threat that requires an international response from law enforcement. We commend the swift and decisive action of INTERPOL’s Financial Crime and Anti-Corruption Centre,” Chew remarked.

Since its inception in 2022, INTERPOL’s I-GRIP mechanism has been instrumental in intercepting hundreds of millions of dollars in illicit funds.

Notable recoveries include USD 3.4 million from an Italian company in 2020 and USD 331,000 from a Spanish victim in 2024.

INTERPOL urges businesses and individuals to take preventative measures against BEC and other social engineering scams.

Timeline of a Scam

  • 15 July: Singapore firm receives scam email from fake supplier.
  • 19 July: Firm transfers USD 42.3 million to the fake supplier via a bank account in Timor Leste.
  • 23 July: Firm discovers the fraud and files a police report; SPF contacts INTERPOL.
  • 24 July: Confirmation of USD 39 million interception received.
  • 24-26 July: Timor Leste authorities arrest suspects and recover an additional USD 2 million.

This case underscores the critical role of international collaboration in combating financial crimes and protecting businesses from sophisticated scams.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...