CEO Fraud Gang busted by Police

A joint police investigation supported by Europol has led to the dismantling of a Franco-Israeli criminal network involved in large-scale CEO fraud (also known as BEC Fraud).  The criminal network successfully targeted two companies located in France and stole around €38 million:

  • In early December 2021, one of the suspects impersonated the CEO of a company specialised in metallurgy.  The fraudster asked the company’s accountant to make an urgent and confidential transfer of  €300,000 to a bank in Hungary. The fraud was discovered a few days later when the accountant, thinking he was acting on behalf of the company’s CEO, attempted to make a transfer of €500,000. The company filed a complaint, and the investigators subsequently found that the call from the alleged CEO came from a number in Israel.
  • In late December 2021, a real estate developer also fell victim to fraud with a similar modus operandi. The damages were much more significant in this case, however. To perpetrate the fraud, the suspects impersonated lawyers, saying they worked for a well-known French accounting company. After gaining the victim’s trust, the fraudster requested a large, urgent and confidential transfer. Pretending to be consultants, they persuaded the Chief Financial Officer (CFO) to transfer millions of euros abroad. In total, they defrauded the company of almost €38 million in a matter of days. Using a pre-existing money laundering scheme, these funds were quickly transferred to different European countries, then to China and finally to Israel.
  • A link between these two scams was established in January 2022 when the Parisian real estate company filed a complaint.  The information exchange and international cooperation facilitated by Europol led to the discovery of accomplices, modi operandi and funds.

The successful operation, led by France, resulted in five action days, which took place between January 2022 and January 2023 in France and Israel.  Also involved were the Croatian National Police, the Croatian Anti Money Laundering Office, the French National Police, the French Gendarmerie, the Hungarian Budapest Metropolitan Police, the Israel Police, the Portuguese Judicial Police and the Spanish National Police.

A total of eight suspects were arrested, six in France and two in Israel (including the criminal mastermind), and total assets estimated at €5.5 million were seized.

Europol facilitated the exchange of information and provided specialised analytical support, including financial and cryptocurrency analysis and expertise. The analysis led to the identification of links between countries to enable the urgent seizure of the criminal assets before the suspects could launder them.

The EAST Expert Group on Payment and Transaction Fraud (EPTF) focuses on the security of payments and transactions and covers the prevention of CEO Fraud within its brief. The 14th EAST EPTF meeting took place on 9 November 2022.

Europol publishes Italian language version of ATM Logical Attack Guidelines

Europol’s European Cybercrime Centre (EC3) has just published an Italian language version of guidelines to help industry and law enforcement counter the ATM Logical Attack threat. The English version of the updated document was officially launched at the 1st EAST Global Congress, which took place on Thursday 16th June 2022 at Europol’s HQ in The Hague. The document is now available in English and Italian. Work on versions in other languages is in progress.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Descrizione dei Modi Operandi)
  2. Mitigating the risk of ATM Logical Attacks, Setting up Lines of Defence (Mitigazione del Rischio di Attacchi Logici Agli ATM, Creazione di Linee di Difesa)
  3. Identifying and responding to Logical Attacks (Identificazione e Risposta agli Attacchi Logici)

This latest version has many updates including improved advice on lines of defence and countermeasures, and a direct link (QR code) to the countermeasures published by EAST.

The original ATM Logical Attack Guidelines were published in 2015, with a first update in 2018. They have been acknowledged as being of great value by both the industry and law enforcement, and the low success rate of ATM logical attacks in Europe can no doubt be attributed to the fact that this guidance has been widely followed.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National, Global, and Associate).

National & Global Fraud Intelligence sharing – 3rd EAST Global Congress

The 3rd EAST Global Congress took place on Wednesday 8th February 2023 in Bucharest as a hybrid meeting, with some delegates participating online. The event was hosted by the Romanian Banking Association (ARB).

The meeting was chaired by Thomas Von der Gathen from Payment Services Austria (PSA) and the key focus was on the sharing of payment and terminal fraud intelligence (global, regional, national).

Law enforcement overviews were provided by: Europol’s European Cybercrime Centre (EC3) on various fraud types; the Gulf Cooperation Council Police (GCCPOL) on technological and non-technological fraud trends; the INTERPOL Financial Crime and Anti-Corruption Centre (IFCACC), on their role in providing a coordinated global response against the exponential growth in transnational financial crime; and the General Inspectorate of Romanian Police – Countering Organised Crime Directorate, on Cybercrime in Romania.

Private sector fraud intelligence updates were received from 26 countries, either directly or via regional/global updates by BNP Paribas, HSBC, and Worldline.  Regional Updates were also provided for ASP and MENA.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  Payer manipulation fraud, also known as Authorised Push Payment fraud (APP), is a rising issue in many countries and, linked to social engineering, is a major concern. Threats relating to instant payments (IPs) were also discussed.  IPs pose some unique challenges due to their speed and irrevocability.

Updates from the three EAST Expert Groups were given:

EAST Fraud Update 1-2023 will be produced early next month, based on the country updates provided at the EAST Global Congress.  EAST Fraud, Payment, and Physical Attack Alerts are available on the EAST Intranet to EAST Members.

The 4th EAST Global Congress, scheduled for 7th June 2023, will also be held as a Hybrid Meeting.

Ransomware infrastructure taken down by Police

Europol supported the German, Dutch and US authorities to take down the HIVE ransomware infrastructure.  Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying the cybercriminals.  Around €120 million was saved due to mitigation efforts.  This international operation involved authorities from 13* countries.

HIVE ransomware has been identified as a major threat as it has been used to compromise and encrypt the data and computer systems of large IT and oil multinationals in the EU and the USA.  Since June 2021, over 1,500 companies from over 80 countries worldwide have fallen victim to HIVE associates and lost almost €100 million in ransom payments.

Affiliates executed the cyberattacks, but the HIVE ransomware was created, maintained and updated by developers.  Affiliates used the double extortion model of ‘ransomware-as-a-service’:

  • First, they copied data and then encrypted the files.
  • Then, they asked for a ransom both to decrypt the files and to not publish the stolen data on the Hive Leak Site.
  • When the victims paid, the ransom was then split between affiliates (who received 80 %) and developers (who received 20 %).

Europol streamlined victim mitigation efforts with other EU countries, which prevented private companies from falling victim to HIVE ransomware.  Law enforcement provided the decryption key to companies which had been compromised in order to help them decrypt their data without paying the ransom.  This prevented the payment of more than US$130 million or the equivalent of about €120 million of ransom payments.

Europol facilitated the information exchange, supported the coordination of the operation and funded operational meetings in Portugal and the Netherlands.  Europol also provided analytical support linking available data to various criminal cases within and outside the EU, and supported the investigation through cryptocurrency, malware, decryption and forensic analysis.

The EAST Expert Group on Payment and Transaction Fraud (EPTF) focuses on the security of payments and transactions and covers the prevention of ransomware within its brief. The 14th EAST EPTF meeting took place on 9 November 2022.

EAST EGAF holds 28th Meeting in Amsterdam

The 28th Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 18th January 2023 hosted by Group-IB in Amsterdam.  The hybrid meeting was chaired by Otto de Jong from ING Bank.

It was attended by 26 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts. 13 people were in the room and there were 13 virtual participants.

Experts from the following organisations contributed to the meeting: Atruvia AG, Bits A/S, BKA, BNP Paribas, Cennox, Damage Control, Diebold Nixdorf, Dutch Banking Association, Europol, Gendarmerie Nationale (IRCGN), GMV, Group-IB, ING Bank, KAL, LINK Scheme, Mastercard, NatWest Group, NCR, Payment Services Austria (PSA), Polish Banking Association (ZBP), TietoEVRY, and Visa.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

Discussion at the meeting focussed on the follow up to three EAST Fraud Alerts relating to Active Shimmer (Wedge) / Relay attacks, to contactless fraud, and to prevention measures relating to black box attacks.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 276 Fraud Alerts have been issued as can be seen in the table below.

 

Cash is still used for most consumer payments in the Eurozone, but its share is declining

According to the latest study by the European Central Bank (ECB), cash is still the most frequently used means of consumer payment at the point of sale (POS), but its share is declining, matched by a rise in electronic payments. Consumers prefer electronic payment methods, but value having cash as an option. The trend towards electronic means of payment has accelerated with the pandemic and a majority of consumers now prefer to use electronic payment methods.

Some key results from the study are:

Cash Payments

  • Cash was used for 59% of point-of-sale transactions in 2022, down from 72% in 2019.
  • It is the means of payment most often used for small-value payments in stores and for person-to-person transactions.
  • A majority (60%) also consider it important to have cash as a payment option.
  • Consumers perceive cash as helpful to remain aware of their expenditures, to protect their privacy and to allow transactions to be settled immediately.
  • Overall, consumers are satisfied with their access to cash, with a large majority of consumers finding it easy to get to an ATM or a bank to withdraw cash in most countries.
  • The perceived key advantages of cash were its anonymity and protection of privacy and the perception that it makes one more aware of one’s own expenses.
  • 37% of consumers kept cash reserves at home, outside the wallet or a bank account, up from 34% in 2019.
  • Cash was accepted in 95% of physical payment locations throughout the euro area, down from 98% in 2019.

Electronic Payments

  • The share of online purchases as a percentage of all euro area day-to-day transactions has increased significantly to stand at 17% in 2022, up from 6% in 2019.
  • For purchases at a point of sale, the share of card payments has grown by 9 percentage points to 34% in 2022, with contactless payments now making up the majority of card payments.
  • Contactless card payments at the POS increased considerably in three years, from 41% of all card payments in 2019 to 62% in 2022.
  • Cards are considered faster and easier to use and are seen as reducing the need to carry large amounts of cash.
  • Cards are the most frequently used payment method for larger payments and account now for a higher share of payments than cash in value terms.
  • The perceived key advantages of cards were that consumers don’t have to carry cash with them, coupled with the convenience of contactless payments.
  • The share of payments using mobile apps increased from less than 1% in 2019 to 3% in 2022.
  • Cashless means of payments, particularly mobile phone apps, increased in P2P payments. Between 2019 and 2022, the share of mobile payments more than tripled in terms of number from 3% to 10%, and rose from 4% to 11% in terms of value.
  • In the euro area it was possible to pay with non-cash instruments in 81% of transactions in 2022.

For full details of the Study on the Payment Attitudes of Consumers in the Euro area (SPACE) visit the ECB website.  The report presents the key findings from SPACE 2022 and compares them with the results of the 2019 study and, where relevant, with an earlier ECB study conducted in 2016, the Study on the Use of Cash by Households in the euro area (SUCH).

The next study will be published by the ECB in 2024.

Payment Security

The EAST Expert Group on Payment and Transaction Fraud (EPTF) focuses on the security of payment and transactions. The 14th EAST EPTF meeting took place on 9 November 2022.

The EAST Expert Group on All Terminal Fraud (EGAF) focuses on the security of cards and payment terminals. The 27th EAST EGAF meeting took place on 14 September 2022.

The EAST Expert Group on ATM and ATS Physical Attacks (EGAP) focuses on the security of cash, cash handling terminals, and cash-in-transit.  The 18th EAST EGAP meeting took place on 31 August 2022.

Message from the Executive Director

The end of another busy year is almost upon us.  On behalf of the EAST Board I would like to thank everyone who has contributed to the continued success of EAST this year.  Being able to meet again in-person has been fantastic and, while all our meetings are still not yet back to normal, the hybrid meetings that we held all went well, as did the virtual meetings.

EAST supported Europol by attending two Joint Advisory Group Meetings on 25 May and 18 October, and by presenting at an EMPACT action dedicated to Terminal and Host Frauds on 14 December.  Rui Carvalho represented EAST.  Supported by EAST EGAF, Europol published updated guidelines to help industry and law enforcement counter the ATM Logical Attack threat.

EAST supported CEPOL by presenting at a course focussed on combating Card Fraud on 12 November.  I represented EAST.

During the year we said goodbye to two long-standing friends and colleagues, Phoebus Christodoulides and Delia Vaquerizo.

Ukraine is represented at EAST by the Ukrainian Interbank Payment Systems Member Association (EMA) and it was a real pleasure to see their representative Olesya Danylchenko in-person at our 1st Global Congress in June.  Despite the pressures of the war, she has done a fantastic job in sharing information during these very difficult times.  I know I speak for all of us in wishing her, her colleagues, and all their families, a safe, warm, connected, and very happy Christmas.

And lastly every best wish to all readers for a wonderful festive break and a very happy New Year!

Kind regards

Lachlan

Thousands of Money Mules arrested in international Police Operation

In a recent operation that ran from mid-September to the end of November 2022, law enforcement from 25 countries, supported by Europol, Eurojust, INTERPOL and the European Banking Federation (EBF), joined forces to crack down on one of the most important enablers of money laundering: money mules and their recruiters.

A ‘money mule’ is a person who transfers stolen money on behalf of others, usually through their bank account. Criminals contact people and offer them cash to receive money into their bank account and transfer it to another account.

During the operation 8,755 money mules were identified alongside 222 money mule recruiters, and 2,469 people were arrested worldwide.

This was the eighth European Money Mule Action (EMMA8).  EMMA is the largest international operation of its kind, built around the idea that public-private information sharing is key to fighting complex modern crimes. This year, and with the continuing coordination of the EBF, around 1,800 banks and financial institutions supported law enforcement in this action, alongside online money transfer services, cryptocurrency exchanges, Fintech and Know Your Customer (KYC) companies, and multinational computer technology corporations.  Related actions were carried out in countries as far apart as Colombia, Singapore and Australia.

Results Overview

  • 2,469 money mules arrested;
  • 1,648 criminal investigations initiated;
  • 4,089 fraudulent transactions identified;
  • €17.5 million intercepted.

Participating countries 

Australia, Austria, Bulgaria, Colombia, Cyprus, Czech Republic, Estonia, Greece, Hungary, Singapore, Hong Kong (China), Ireland, Italy, Moldova, Netherlands, Poland, Portugal, Romania, Slovak Republic, Slovenia, Sweden, Switzerland, Spain, United Kingdom, United States.

Don’t Be a Mule!

This week Europol, together with the EBF and financial institutions, is raising awareness about this crime and its criminal implications through the #DontBeaMule campaign.

The campaign is available for download in 26 languages and informs the public about how these criminals operate, how to recognise the signs and what to do if they become a target.  For more information visit Europol’s website.

If you think that you might be being used as a mule, act now before it is too late!  Stop transferring money and notify your bank and your national police immediately.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of money laundering. The 14th EAST EPTF meeting took place on 9 November 2022.

‘Spoofing’ website taken down by police

A ‘spoofing’ website believed to have caused an estimated worldwide loss in excess of £100 million (€115 million) has been taken down in a coordinated police action led by the United Kingdom and supported by Europol and Eurojust.  142 suspects have been arrested, including the main administrator of the website.

The website allowed fraudsters to impersonate trusted corporations or contacts to access sensitive information from victims, a type of cybercrime known as ‘spoofing’. Spoofing, as it relates to cybersecurity, is when someone or something pretends to be something else in an attempt to gain our confidence, get access to our systems, steal data, steal money, or spread malware.

Judicial and law enforcement authorities in Europe, Australia, the United States, Ukraine, and Canada helped to take down the website.

The services of this website allowed those who signed up and paid for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords. The users were able to impersonate an infinite number of entities (such as banks, retail companies and government institutions) for financial gain, causing substantial losses to victims.

The investigations showed that the website earned over €3.7 million in 16 months.  According to UK authorities, losses to victims at present are £43 million (€49 million), with estimated worldwide losses in excess of £100 million (€115 million).

In an international coordinated action carried out in November 2022, 142 users and administrators of the website were arrested across the world. The main administrator of the website was arrested in the UK on 6 November. On 8 November 2022, the website and server were seized and taken offline by US and Ukrainian authorities.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of spoofing relating to cybersecurity. The 14th EAST EPTF meeting took place on 9 November 2022.

Online shopping fraud – Police arrest 59 people in cross-border operation

Online shopping fraud (also known as e-commerce fraud) is a rising threat. To counter this, a coordinated crackdown has seen 59 scammers arrested and new investigative leads triggered all across Europe as part of Europol’s 2022 e-Commerce Action (eComm 2022). 19 countries took part in the successful action, which was coordinated by Europol’s European Cybercrime Centre (EC3) and the Merchant Risk Council (MRC). Direct assistance was received from merchants, logistics companies, banks, and payment card schemes. Investigations are still ongoing in various countries, with more arrests expected in the coming weeks.

Online Payment Security

Online payments in Europe are generally very secure, mainly due to the wide implementation of Secure Customer Authentication (SCA). SCA is a European regulatory requirement aimed at reducing fraud and making online and contactless offline payments more secure. Broadly speaking, customers shopping online may be asked to verify their identity with two factors during the checkout process.

To counter this, criminals are continuously altering their techniques to unlock new ways of stealing money. eComm22 has identified the following threats to the e-commerce sector:

  • Phishing, vishing (Voice phishing) and smishing (SMS phishing) fraud:  These are techniques for fraudulently obtaining private information.  The criminals contact people by phone, text messages, messaging apps or email and attempt to convince them to hand over their credit card information. Sometimes these attacks promise a reward, other times they impersonate a trusted business or a government agency.
  • Account Takeover (ATO) Fraud: This is a form of identity theft in which the fraudster gets access to a victim’s bank or credit card accounts and uses them to make unauthorised transactions.
  • Fake websites (also referred to as Triangulation Fraud): These are websites that are not legitimate venues, designed to entice the visitor into revealing sensitive information, downloading some form of malware, or purchasing products that never arrive. eComm22 highlighted their use to entice buyers with cheap goods. Sometimes these fake websites appeared in ads, or links were sent to a user’s email directing them to the website through a phishing attempt. The catch is that these goods don’t actually exist, or are never shipped.

How to Protect Against Online Shopping Fraud

Europol, in conjunction with European Law Enforcement and the MRC, has today launched an awareness campaign that will be promoted through the hashtag #SellSafe. This shares practical advice on how to outwit criminals trying to abuse the online shopping experience. The aim is to make e-commerce more secure by promoting safe online purchasing methods and by helping new merchants to open online shops without the risk of cyberattacks.

Some key tips for online shoppers are:

  • Never send your card number, PIN or any other card information to anyone by e-mail.
  • Never send money to anyone you don’t know.
  • Always save all documents related to your online purchases.
  • If you are not buying anything, don’t submit your card details.
  • Check your online banking service regularly. Notify your bank immediately if you see payments or withdrawals that you have not made yourself.
  • For more information read Europol’s Tips And Advice To Avoid Becoming A Fraud Victim

Some key tips for e-business owners are:

  • Ensure all your employees are aware of the fraud issues affecting online stores.
  • Stay up to date on the types of payment fraud affecting businesses and have the tools in place to prevent them. Your national payments organisation will have details on payment fraud types.
  • Get to know your customers in order to be able to verify their payments.
  • For more information read Europol’s advice on Safe Sales, Safe Revenue

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, including online shopping fraud. The 14th EAST EPTF meeting took place on 9 November 2022.