Operation reWired – Worldwide Sweep Targets Business Email Compromise

Criminal Cases Show Need to Verify Before Wiring Funds

Criminal Cases Show Need to Verify Before Wiring Funds
The FBI and federal partners today announced scores of arrests in the United States and overseas in a coordinated law enforcement sweep targeting perpetrators of an insidious scam that tricks businesses and individuals into wiring money to criminals.

Operation reWired, a months-long, multi-agency effort to disrupt and dismantle international business email compromise (BEC) schemes, resulted in 281 arrests, including 74 in the United States, officials announced. Arrests were also made in Nigeria, Turkey, Ghana, France, Italy, Japan, Kenya, Malaysia, and the United Kingdom. The sweep resulted in the seizure of nearly $3.7 million and the disruption and recovery of approximately $118 million in fraudulent wire transfers.

“Through Operation reWired, we’re sending a clear message to the criminals who orchestrate these BEC schemes: We’ll keep coming after you, no matter where you are.”
FBI Director Christopher Wray

These sophisticated cyber-enabled scams often target employees with access to company finances and—using methods like social engineering and computer intrusions—trick them into making wire transfers to bank accounts thought to belong to trusted partners. The accounts are actually controlled by the criminals.

The operation follows last year’s Operation WireWire, a similar effort that led to total 74 arrests and the seizure of $2.4 million. Thirty-nine of the FBI’s 56 field offices participated in this year’s sweep alongside state and local task force officers and partner agencies, including the Department of Homeland Security, Department of State, Department of the Treasury, and the U.S. Postal Inspection Service.

The effects of this crime are far-reaching, and the dollar amounts involved are staggering. Since the Internet Crime Complaint Center (IC3) began formally tracking BEC (and its variant, email account compromise, or EAC) in 2013, it has gathered reports of more than $10 billion in losses from U.S. victims alone. The worldwide tally is more than $26 billion.

In addition to verifying all financial requests received by email, the IC3 recommends businesses and individuals:

  • Use two-factor authentication to verify any change to account information or wire instructions.
  • Check the full email address on any message and be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Don’t supply login credentials or personal information in response to a text or email.
  • Regularly monitor financial accounts.
  • Keep all software and systems up to date.