Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Bust of Major Business Email Compromise Gangs by FBI 

March 31, 2022

A recent FBI cybercrime operation, dubbed “Eagle Sweep”, was apparently a great success for the bureau according to a recent article on BleepingComputer.com.

Taking place over three months, starting in September of 2021, cyber investigators were able to gather evidence that led to the arrest of 65 suspects from both the US and Canada, as well as associates in South Africa and Cambodia. Other concurrent investigations by countries such as Japan and Nigeria resulted in additional arrests.

The groups picked up in Eagle Sweep are believed to have been behind business email compromise attacks of over 500 US-based victims. The total estimated losses caused by all the suspects are over $50,000,000. Some of the groups of two or three suspects are responsible for scams exceeding 4.5 million dollars.

Business email compromise (BEC) attacks happen when hackers gain access to their victims’ email accounts and monitor inbound and outbound messages, usually waiting for the perfect time to step in and make a payment request change or submit a bill. Often they insert their messages when one party might be suspecting a legitimate payment request and redirect funds to their account. This tactic frequently goes hand in hand with a false sense of urgency regarding the timing of the payment.

With these types of attacks on the rise, it is important for all businesses to follow important security practices when dealing with their email and especially payments. Enabling two factor authentication on webmail services like Gmail and Office 365 can make a huge difference. Of course, always double checking with anyone requesting a payment, especially when there is a change is key. Using a known good phone number (not one in the signature line of the suspicious payment request!) can, and has, saved many a company a very costly lesson.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics