Your email spam filter works overtime to keep sketchy investing opportunities and cheap Viagra offers out of your inbox, but you’ve probably seen some scams sneak through. That’s because email fraud operations are a multibillion-dollar business, often run by Nigerian-based syndicates that have members—not to mention targets—around the world. And on Monday, US officials announced a massive international initiative, Operation Wire Wire, that resulted in the arrest of 74 alleged email fraudsters.
The move is significant given that email scamming has gone mostly unchecked for years, but Operation Wire Wire still represents a small drop in a massive ocean of fraud. And while it particularly targets some of the money mules who underpin criminal payouts, the overall infrastructure behind these spamming campaigns is massive and inveterate. It would take major disruption to see a noticeable improvement.
Nigerian email rackets predictably target individuals, especially vulnerable populations like the elderly, but they also increasingly generate cash from a type of fraud called business email compromise, which fleeces companies of all sizes. BEC scams focus on employees with financial authority, and position fraudsters as company executives or third-party vendors that a business works with or could conceivably contract with. Employees complete a bill or invoice payment like normal, but the money really goes to scammers.
The Department of Justice—working with the Department of Homeland Security, Department of the Treasury, and Postal Inspection Service—arrested 42 people in the US, 29 in Nigeria, and three in Canada, Mauritius, and Poland who are allegedly connected to spamming operations and particularly money muling.
“Fraudsters can rob people of their life’s savings in a matter of minutes,” Attorney General Jeff Sessions said in a statement. “The Department of Justice has taken aggressive action against fraudsters in recent months…[and] we will continue to go on offense against fraudsters so that the American people can have safety and peace of mind.”
The initiative comes at an important time, as email fraud continues to grow and evolve. The email security firm Agari found last month that 24 percent of email scams now focus on BEC, and 96 percent of businesses end up being targeted by one scam or another. And fraudsters attempt to trick targets into making sizable payments, with requests averaging $35,500, Agari found. The federal Internet Crime Complaint Center reports that in recent years BEC losses in the US have totaled over $3.7 billion. Operation Wire Wire seized an impressive $2.4 million in stolen funds, and recovered $14.4 million more from wire transfers, but the scale of the problem overall is much larger.
“I applaud any and all action against these guys,” says Adam Meyers, vice president of intelligence at the security firm Crowdstrike, which has tracked Nigerian email scammers and business email compromise for years. “That said, 2.4 million dollars seized is a drop in the bucket.” Meyers also notes that money mules are relatively low on the criminal totem pole. “The key is to keep the pressure on and continuously arrest these actors at every opportunity,” he says.
‘It might be a slower start, but once the dominoes start falling you’re going to notice a more significant impact.’
James Bettke, Secureworks
There are growing signs that law enforcement agrees with this strategy. Operation Wire Wire represents increased international collaboration, and its 29 arrests in Nigeria by the country’s Economic and Financial Crimes Commission is an important step. A longtime hurdle to addressing BEC and Nigerian email scams in general has been jurisdictional and international law issues that limit access to Nigerian perpetrators. And the DOJ says it worked with law enforcement agencies in Poland, Canada, Mauritius, Indonesia, and Malaysia as well to carry out Operation Wire Wire. Scammers “are often members of transnational criminal organizations, which originated in Nigeria but have spread throughout the world,” the DOJ explains.
“The FBI is taking this very seriously. I’m aware of future endeavors that are in the works,” says James Bettke, a counterthreat unit researcher at Secureworks, a security firm that has tracked Nigerian email scammers for years. “There were no repercussions before. Scammers would just keep stealing and stealing, because they thought they were untouchable. Now that these arrests are happening they might have second thoughts.”
If the DOJ is in fact building out its investigation to eventually take down more crucial players, businesses and individual email users could eventually see a real improvement in their safety online. For now, though, Operation Wire Wire probably won’t result in a noticeable difference in your inbox.
“It might be a slower start, but once the dominoes start falling you’re going to notice a more significant impact,” Bettke says. “All of these underground economies are so interlinked that once you get through one you can really start mapping everything else out. You can start pivoting from person to person and work your way up fairly quickly.”
That provides small consolation to victims who have already lost thousands or millions of dollars in email scams. But a small step toward solving the problem is better than than none at all.