Expect rapid growth in BEC scams to continue, despite global crackdown

A romance scammer known as “Ghost” works on his laptop in a house on April 19, 2015 in Zongo area of Accra, Ghana.  He is one of many young unemployed men here who is involved in internet scams(Per-Anders Pettersson)

The Justice Department's extradition of Deborah Mensah from Ghana for her alleged participation in a multimillion-dollar business email compromise (BEC) scheme marks the latest move in a flurry of global activity to stop increasingly prevalent email scams.

Since 2018, the department has participated in two massive international operations netting nearly 370 arrests, and the FBI launched a Recovery Asset Team that has prevented the transfer of more than $300 million in fraudulent transactions in 2019 alone.

But while experts see the new law enforcement focus as welcome, substantial and necessary, they do not see it as likely to stem the rapid growth of BEC scams, which increasingly merge traditional hacking with email fraud. By compromising an email account, criminals can send messages from authentic business accounts to their clients that are extremely difficult to detect.

BEC cases tracked by the FBI have continually risen over the past 6 years at an alarming rate – from $226 million in losses to nearly $1.8 billion. 

“The amount of money that can be made from attacks is so awfully huge we see global criminal groups switching over to these sorts of attacks that require only basic social engineering,” regardless of the increase in prosecutions, said Crane Hassold, director of threat research at Agari and an expert on email fraud networks.

No longer just the purview of fake Nigerian princes needing help moving money into the U.S., email scams are now frequently operated by international networks. Three of Mensah’s alleged co-conspirators, all of whom came from the Bronx, pleaded guilty in 2019 to a scam that ended the year before. And while the name “Nigerian scam” refers to the dominion of the fake royalty in the first wave of scams in the late 1990s, most of the con operations really do originate in West Africa, particularly Nigeria, where law enforcement had been historically lax.

In recent years, Nigerian authorities have stepped up local prosecutions, Crane said.

“Nigerian authorities have become more aggressive because these types of fraudulent attacks have essentially tarnished the reputation of Nigeria,” reinforcing a stereotype "that most Nigerians are involved in this type of activity, he said.

As Nigeria began its crackdown, said Crane, many bad actors moved to Ghana, where the heat from authorities is lower. But the arrest of Mensah - a Ghanian citizen – shows that even countries with more lax law enforcement are not necessarily safe havens.

“Ms. Mensah may have believed hiding in Ghana protected her from facing justice for her alleged role in this scheme,” FBI Assistant Director William F. Sweeney told the press as Mensah’s extradition was announced. “ She now knows the FBI’s reach is global through our formidable network of law enforcement partners. Others should take heed – we won’t go away simply because it may take time to go get you.”

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.