Authorities have Uncovered USD 40 Million from Hackers

Singapore authorities have successfully intercepted and reclaimed over USD 40 million defrauded in a sophisticated business email compromise (BEC) scam.

The operation, facilitated by INTERPOL’s Global Rapid Intervention of Payments (I-GRIP) mechanism, marks the largest-ever recovery of fraudulently obtained funds in Singapore’s history.

The Scam Unveiled

On 23 July 2024, a commodity firm based in Singapore reported falling victim to a BEC scam.

The scammer had impersonated a supplier, sending an email from a slightly altered email address and requesting a pending payment be sent to a new bank account in Timor Leste.

Unaware of the deception, the firm transferred USD 42.3 million on 19 July. The fraud was discovered four days later when the genuine supplier reported not receiving the payment.

Upon receiving the police report, the Singapore Police Force (SPF) immediately sought assistance from INTERPOL.

The I-GRIP mechanism utilizes INTERPOL’s 196-country network, and the SPF coordinated with Timor Leste authorities to intercept the fraudulent transaction.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

Swift Action and Arrests

On 25 July, the SPF’s Anti-Scam Centre confirmed the detection and withholding of USD 39 million from the fraudulent account in Timor Leste.

Further investigations led to the arrest of seven suspects and an additional USD 2 million recovery. Efforts are underway to return the stolen funds to the victimized firm in Singapore.

Isaac Oginni, Director of INTERPOL’s Financial Crime and Anti-Corruption Centre (IFCACC), emphasized the importance of rapid response in such cases.

“Speed is crucial to successfully intercepting the proceeds of online scams. The cooperation between authorities in Singapore and Timor Leste in this case was exemplary,” Oginni stated.

David Chew, Director of the SPF’s Commercial Affairs Department, highlighted the global nature of scams and the necessity for international cooperation.

“Scams are a global threat that requires an international response from law enforcement. We commend the swift and decisive action of INTERPOL’s Financial Crime and Anti-Corruption Centre,” Chew remarked.

Since its inception in 2022, INTERPOL’s I-GRIP mechanism has been instrumental in intercepting hundreds of millions of dollars in illicit funds.

Notable recoveries include USD 3.4 million from an Italian company in 2020 and USD 331,000 from a Spanish victim in 2024.

INTERPOL urges businesses and individuals to take preventative measures against BEC and other social engineering scams.

Timeline of a Scam

• 15 July: Singapore firm receives scam email from fake supplier.
• 19 July: Firm transfers USD 42.3 million to the fake supplier via a bank account in Timor Leste.
• 23 July: Firm discovers the fraud and files a police report; SPF contacts INTERPOL.
• 24 July: Confirmation of USD 39 million interception received.
• 24-26 July: Timor Leste authorities arrest suspects and recover an additional USD 2 million.

This case underscores the critical role of international collaboration in combating financial crimes and protecting businesses from sophisticated scams.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access