A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore.

INTERPOL says this is the largest recovery of funds stolen through a business email compromise (BEC) scam.

BEC scams are a type of cyberattack in which cybercriminals attempt to redirect legitimate corporate payments to an attacker-controlled bank account.

These attacks are conducted by threat actors compromising a vendor’s or company’s email address to trick billing departments into approving new banking information where payment should be sent. When the threat actors receive the payment, they quickly use money mules to drain the account or transfer it to numerous other accounts under their control.

The 2023 FBI IC3 Report says that they received 21,489 complaints with $2.9 billion in reported losses due to business email compromise in 2023.

I-GRIP recovers over $40 million

According to an announcement by INTERPOL, a commodity firm based in Singapore fell victim to a BEC attack after receiving what they thought was an email from their supplier.

“On 15 July, the firm had received an email from a supplier requesting that a pending payment be sent to a new bank account based in Timor Leste,” reads the announcement.

“The email, however, came from a fraudulent account spelled slightly different to the supplier’s official email address.”

Thinking this was a legitimate request, the firm wired $42.3 million to the attacker-controlled bank accounts, only to realize four days later that they had fallen for an attack.

After reporting the attack to the Singapore authorities, law enforcement used INTERPOL’s Global Rapid Intervention of Payments (I-GRIP) to request assistance from authorities in Timor Leste and recover $39 million from the BEC attack.

Further investigations by the Timor Leste authorities led to the arrest of seven suspects and the recovery of an additional $2 million, bringing the total recovered amount to $41 million.

In June, a global police operation called “Operation First Light” arrested 3,950 people for their suspected involvement in phishing, pig butchering scams, fake online shopping sites, and romance and impersonation scams.

I-GRIP was also used during the operation to recover millions of dollars stolen by the threat actors. Since its launch in 2022, it has been used to recover over $500 million stolen through fraud and cybercrime.