The Singapore Police Force (SPF) recovered more than $40 million in stolen funds from a business email compromise (BEC) scam in only two days, thanks to Interpol’s Global Rapid Intervention of Payments (I-GRIP) mechanism, with the help of Interpol and authorities in Timor Leste, a known cybercrime hotspot and the country of origin of the scammer’s bank account.
The SPF received a report from a commodity firm in the country saying it had fallen victim to a BEC scam, incorrectly transferring $42.3 million to a scammer’s account. The firm had received an email on July 15 from a scammer impersonating a legitimate supplier used by the company requesting payment to be sent to a bank account located in Timor Leste.
The email came from an address slightly different from the legitimate supplier’s. Unaware of the scam, the firm transferred the entire amount to the fake supplier on July 19. The scam was discovered later, on July 23, when the legitimate supplier raised concerns about not being paid.
Following the police report, the SPF confirmed on July 25 that $39 million was detected and withheld in the fake supplier’s bank account in Timor Leste. Further investigation by Timor Leste authorities ended in the arrest of seven individuals related to the scam and further recovery of $2 million. The recovered money is now being returned to the Singaporean firm.
BEC scams are common. They generally involve scammers either compromising a supplier or vendor’s email or impersonating it with typosquatting methods to request payments from companies on the victim’s behalf. According to the 2023 Internet Crime Report by the FBI, more than 21,000 complaints related to BEC scams were filed with the law enforcement authority in 2023 alone.
In the News: Microsoft 365 vulnerability can bypass email phishing alerts
