Business email compromise (BEC) schemes have been disrupted in various countries thanks to a concerted effort by the FBI and its international law enforcement partners.
The “Eagle Sweep” operation, which began in September 2021 and lasted three months, resulted in the arrest of 65 people in the United States, Nigeria, South Africa, Cambodia, and Canada.
BEC actors are high-level fraudsters who pose as a business partner or a corporation filing a legal payment request to deceive personnel of actual organizations into transferring payments to bank accounts under their control.
Arrests in the spotlight
According to the FBI release, the fraudsters seized are suspected of targeting over 500 businesses across the United States, resulting in at least $51,000,000.
Among the people who have been arrested, the following persons stand out:
Oluwasegun Baiyewu, 36, of Houston, Texas, and Leo Omorogieva Eghaghe, 39, of Lagos, Nigeria, who defrauded a Puerto Rican renewable energy supplier and laundered around $4,500,000 (together with other organizations).
Ashley Crespo, 27, David Alvarado, 21, Wendy Elizabeth Ramos Lopez, 29, Dayana Zaila Ramos, 32, Alvaro Umanzor, 23, Luis Lopez, 39, Jerome Crawford, 25, and Jamal Moore, 25, are all from Houston. Over the course of two years, the organization laundered $4,500,000 with the help of others, including $900,000 in a single BEC scheme.
Bright Osaghni, 41, and Osatohanmwen Oriakhi, 41, both of Toronto, Canada, who attempted to defraud hundreds of people in the United States and Canada of approximately $16 million.
Law enforcement authorities in Australia, Japan, and Nigeria undertook local operations targeting BEC perpetrators in conjunction with Operation Eagle Sweep.
How to Recognize BEC Scams
When you get an email request to move payments to a new bank account, the best approach to prevent paying money to a BEC scammer is to phone your business partner.
Use the phone number you already confirmed to be real for this confirmation, not any numbers supplied in the suspected email.
To keep your email account from being hacked, enable multi-factor authentication and use a strong and unique password.
Organizations should also register possibly problematic typo-squatting domains to guarantee that their domain cannot be readily faked.
