Police Recover Over $40m Headed to BEC Scammers

A Singaporean commodity firm has had a narrow escape after police managed to intervene to recover nearly all of the $42.3m lost to fraudsters in a business email compromise (BEC) scam.

Interpol revealed today that the unnamed firm transferred the large cash sum to a new bank account based in Timor Leste on July 15, after an email from what they thought was a legitimate supplier.

It wasn’t until four days later, when the genuine supplier said it still hadn’t been paid, that the firm realized the request came from an email address spelled slightly differently to the real one.

Singapore Police Force (SPF) subsequently made use of Interpol’s Global Rapid Intervention of Payments (I-GRIP) mechanism – a 196-country police network designed to speed up requests for help with financial crimes.

Read more on BEC: BEC Attacks Surge 81% in 2022

On July 25, the SPF’s Anti-Scam Centre received confirmation that $39m had been found and withheld from the scammers’ bank account in Timor Leste. The authorities there subsequently arrested seven people in relation to the incident and recovered a further $2m, according to Interpol.

The funds are now being returned to the corporate victim in Singapore.

“Speed is crucial to successfully intercepting the proceeds of online scams, with police, financial intelligence units and banks cooperating across multiple jurisdictions in a race against time,” said Isaac Oginni, director of Interpol’s Financial Crime and Anti-Corruption Centre (IFCACC).

“The cooperation between authorities in Singapore and Timor Leste in this case was exemplary and demonstrates how quick action through Interpol can help recover funds taken from the fraud victims and identify the perpetrators.”

BEC was the second highest-grossing cybercrime type of 2023, netting scammers over $2.9bn, according to the FBI.

This is the latest in a growing number of wins for I-GRIP since it was launched in 2022. In June, Interpol revealed that Operation First Light, which used the payment recovery mechanism, resulted in the freezing of 6745 bank accounts and the interception of approximately $135m in fiat currency and $2m in cryptocurrency.