Interpol anti-fraud operation busts call centers behind business email scams

1,770 premises raided, 2,000 arrested, $50m seized

Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping operation crackdown of social engineering and other scam operations around the globe.

In the latest action in the ongoing "First Light", an operation Interpol has coordinated annually since 2014, law enforcement officials from 76 countries raided 1,770 call centers suspected of running fraudulent operations such as telephone and romance scams, email deception scams, and financial crimes.

Among the 2,000 people arrested in Operation First Light 2022 were call center operators and fraudsters, and money launderers. Interpol stated that the operation also saw 4,000 bank accounts frozen and 3,000 suspects identified.

We're not going to be able to arrest ourselves out of this problem

"The international nature of these crimes can only be addressed successfully by law enforcement working together beyond borders, which is why Interpol is critical to providing police the world over with a coordinated tactical response," Rory Corcoran, director of the org's Financial Crime and Anti-Corruption Centre (IFCACC), said in a statement. "Telecom and BEC [business email compromise] fraud are sources of serious concern for many countries and have a hugely damaging effect on economies, businesses and communities."

The operation is the latest example of governments and law enforcement agencies around the world pushing to crack down on growing cyberthreats, from ransomware and other crimes. In May 2022, an Interpol operation dubbed Killer Bee arrested a Nigerian man for using a remote access trojan (RAT) to steal corporate credentials and reroute financial transactions.

That action came a week after another Nigerian man was arrested following a year-long Interpol operation called Operation Delilah. The suspect was cuffed on suspicion of running a multi-continent phishing scam targeting corporations.

In January another Interpol-led operation saw Nigerian law enforcement arrest 11 members said to be part of a group called SilverTerrier suspected of running BEC scams that impacted thousands of companies around the world.

Interpol also is working closely not only with law enforcement agencies but also cybersecurity vendors like Fortinet, Palo Alto Networks and Trend Micro in an information-sharing program called Gateway, which was instrumental in the operation that led to the arrests of the SilverTerrier suspects. Such public-private cooperation is critical as countries and companies try to defend against increasingly sophisticated cybercriminal gangs.

"We're not going to be able to arrest ourselves out of this problem," Doug Witschi assistant director for cybercrime threat response and operations at Interpol, told The Register in April. "We need to work as a global community on this challenge. And Gateway is one step in that direction."

That said, the most recent operation collected a range of suspects. In Singapore, police arrested eight people alleged to be part of a job scam similar to a Ponzi scheme. The scammers, through social media and messaging systems, would offer people high-paying online marketing jobs. The jobs were real, but paid only small sums. Workers were then told they had to recruit others to earn commissions.

Another Ponzi scheme defrauded almost 24,000 victims out of almost $36 million. The Chinese national thought to have been behind the scheme was arrested in Papua New Guinea and returned to China through Singapore.

Singaporean law enforcement agencies, using information gleaned from the operation, rescued a teenager who had been tricked through a scam into pretending to be kidnapped in order to collect a $1.6 million ransom from his parents, according to Interpol.

Interpol also got information about a number of emerging trends, including the way money mule herders are laundering money through victims' personal bank accounts, how social media is fueling human trafficking and how criminals pretending to be bank officials are tricking people into sharing online login details through vishing fraud.

Another trend the organisation has detected sees cybercriminals pretending to be Interpol to get money from people who fear they are under investigation.

Scams like those targeted by Operation First Light 2022 are far-reach and lucrative for the attackers. According to the FBI, between 2016 and 2021 there were 241,206 incidents of BEC and email account compromise (EAC) scams around the world that scammed people out of more than $43 billion.

In addition, between January and July 2021, the FBI received more than 1,800 complaints related to online romance scams that resulted in about $133.4 million paid out by victims. ®

Broader topics

Other stories you might like

  • HelloXD ransomware bulked up with better encryption, nastier payload
    Russian-based group doubles the extortion by exfiltrating the corporate data before encrypting it.

    Windows and Linux systems are coming under attack by new variants of the HelloXD ransomware that includes stronger encryption, improved obfuscation and an additional payload that enables threat groups to modify compromised systems, exfiltrate files and execute commands.

    The new capabilities make the ransomware, first detected in November 2021 - and the developer behind it even more dangerous - according to researchers with Palo Alto Networks' Unit 42 threat intelligence group. Unit 42 said the HelloXD ransomware family is in its initial stages but it's working to track down the author.

    "While the ransomware functionality is nothing new, during our research, following the lines, we found out the ransomware is most likely developed by a threat actor named x4k," the researchers wrote in a blog post.

    Continue reading
  • Voicemail phishing emails steal Microsoft credentials
    As always, check that O365 login page is actually O365

    Someone is trying to steal people's Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications.

    This email campaign was detected in May and is ongoing, according to researchers at Zscaler's ThreatLabz, and is similar to phishing messages sent a couple of years ago.

    This latest wave is aimed at US entities in a broad array of sectors, including software security, security solution providers, the military, healthcare and pharmaceuticals, and the manufacturing and shipping supply chain, the researchers wrote this month.

    Continue reading
  • Zscaler bulks up AI, cloud, IoT in its zero-trust systems
    Focus emerges on workload security during its Zenith 2022 shindig

    Zscaler is growing the machine-learning capabilities of its zero-trust platform and expanding it into the public cloud and network edge, CEO Jay Chaudhry told devotees at a conference in Las Vegas today.

    Along with the AI advancements, Zscaler at its Zenith 2022 show in Sin City also announced greater integration of its technologies with Amazon Web Services, and a security management offering designed to enable infosec teams and developers to better detect risks in cloud-native applications.

    In addition, the biz also is putting a focus on the Internet of Things (IoT) and operational technology (OT) control systems as it addresses the security side of the network edge. Zscaler, for those not aware, makes products that securely connect devices, networks, and backend systems together, and provides the monitoring, controls, and cloud services an organization might need to manage all that.

    Continue reading

Biting the hand that feeds IT © 1998–2022