A six-month-long law enforcement operation in the Asia Pacific coordinated by Interpol resulted in the seizure of approximately £58.4m in funds that were stolen by fraudsters through scams such as investment fraud, romance scams, online sextortion, and voice phishing.
Operation HAECHI-I, which ended in March this year, involved the participation of Interpol as well as law enforcement authorities from Cambodia, China, Indonesia, Korea, Laos, the Philippines, Singapore, Thailand, and Vietnam. The operation was aimed at seizing stolen funds and nabbing cyber criminals engaged in a variety of investment scams and other types of online financial crime.
Since September last year, these agencies opened more than 1,400 investigations, of which 892 cases have been solved so far, resulting in the seizure of $83 million from cyber criminals, the freezing of more than 1,600 bank accounts around the world, and the arrest of 585 individuals.
“Online fraudsters often attempt to exploit the borderless nature of the Internet by targeting victims in other countries or transferring their illicit funds abroad. The results of Operation HAECHI-I demonstrate that online financial crime is fundamentally global and that only through close international cooperation can we effectively combat these criminals,” said Ilana de Wild, INTERPOL’s Director of Organized and Emerging Crime.
One of the cases solved by law enforcement agencies involved a fraudster masquerading as a trading partner of a Korean company and sending the company several fraudulent invoices that contained the fraudster's own bank account details instead of those of the legitimate trading partner. Falling for the trick, the company transferred nearly $7 million to the fraudster before realizing it had been defrauded. Law enforcement authorities were able to quickly freeze half of the stolen funds, and the case is still being investigated.
This case is reminiscent of a similar incident in which a Lithuanian national targeted employees at Google and Facebook with spear-phishing attacks, impersonating a vendor company and swindling $121 million (£92 million) from both companies between 2013 and 2015. Evaldas Rimasauskas, the Lithuanian fraudster, was sentenced to five years in prison and fined over $49.7 million by the Manhattan federal court in late 2019.
In November 2019, Nikkei also announced that an employee at its US subsidiary was duped by a cyber criminal into transferring as much as $29 million (£22.6 million) to the latter’s account. In 2017, employees at India’s only government-owned airline company, Air India, fell for a phishing scam orchestrated by Nigerian hackers who posed as employees of Pratt & Whitney and duped them into transferring $300,000 (£230,905) to a bank account located in Nigeria.
In September 2017, a scammer also conned MacEwan University in Canada out of 11.8 million CAD after he convinced employees to change payment details for a vendor using email communications. After the phishing attack was discovered, the university said that “controls around the process of changing vendor banking information were inadequate, and that a number of opportunities to identify the fraud were missed.”
According to Interpol, while cyber criminals have been conducting Business Email Compromise (BEC) scams for a long time, they leveraged the arrival of the COVID-19 pandemic to the hilt to target a large number of organisations worldwide for financial gain.
Interpol said that, lured by the potential for high impact and financial benefit, cyber criminals are now using disruptive malware and ransomware against critical infrastructure and healthcare institutions, with a majority of hackers estimating quite accurately the maximum amount of ransom they could demand from targeted organisations.
Using COVID-19-related information as a lure, hacker groups are also injecting data-harvesting malware such as Remote Access Trojans, info stealers, spyware, and banking Trojans into corporate IT networks to compromise networks, steal data, divert money, and build botnets.
Since the pandemic took shape, Interpol has also observed a major rise in the setting up of fraudulent and malicious web domains that have COVID-19-related keywords such as “coronavirus” or “COVID”. Between February and March, a private sector partner of Interpol reported a 569 percent growth in malicious registrations, including malware and phishing, and a 788 percent growth in high-risk domain registrations.