Interpol has claimed that its global stop-payment mechanism has enabled Singapore authorities to recover the largest amount ever from a business email compromise scam. The incident, which impacted an unnamed Singapore-based commodity firm, saw almost all of the $42.3m stolen from the company recovered by law enforcement agencies in Singapore and Timor-Leste.
“Speed is crucial to successfully intercepting the proceeds of online scams, with police, financial intelligence units and banks cooperating across multiple jurisdictions in a race against time,” said Interpol’s Financial Crime and Anti-Corruption Centre (IFCACC) Director Isaac Oginni. “The cooperation between authorities in Singapore and Timor Leste in this case was exemplary and demonstrates how quick action through Interpol can help recover funds taken from the fraud victims and identify the perpetrators.”
BEC scams depressingly common for large financial firms
A business email compromise scam is a form of cybercrime that manipulates legitimate fund-transfer requests. Scammers, using social engineering or hacking, access company email accounts to impersonate executives or legal entities. They then deceive employees into sending money to fake accounts or sharing sensitive information like personal or financial data.
On 23 July 2024, a Singapore-based commodity firm reported to the police that they had been deceived into transferring $42.3m to a fraudulent bank account. The business email compromise scam occurred when the firm received an email on 15 July from an individual posing as their supplier. The email directed the firm to send a pending payment to a new account in Timor Leste, with an email address that was slightly different from the supplier’s official one.
Unaware of the deceit, the firm completed the transfer on 19 July, but the discrepancy was discovered four days later when the real supplier reported the payment had not been received.
Responding promptly to the police report, the Singapore Police Force (SPF) called on Interpol’s Global Rapid Intervention of Payments (I-GRIP) service. This service leverages Interpol’s extensive global police network across 196 countries to accelerate responses to financial crimes.
SPF Commercial Affairs Department Director David Chew said: “Scams are a global threat that requires a global response from law enforcement. Today, money moves at the click of a button, and law enforcement must be able to move as fast to protect our citizens.
“We commend the swift and decisive action of Interpol’s Financial Crime and Anti-Corruption Centre, which played a pivotal role in the prompt interception of more than $40m.”
By 25 July, the SPF’s Anti-Scam Centre confirmed that $39m had been frozen in the fraudulent account in Timor Leste. Subsequent investigations led to the arrest of seven individuals linked to the business email compromise scam, with an additional $2m being recovered.
Interpol active in thwarting similar scams
Interpol’s I-GRIP mechanism is also said to have been effective in other instances. During its pilot phase, the mechanism facilitated the recovery of $3.4m tied to a fraud involving non-existent medical equipment in Indonesia early in the COVID-19 pandemic. More recently, in 2024, it assisted in intercepting $331,000 in a scam involving a Spanish company and a fraudulent recipient in Hong Kong, China.
The I-GRIP mechanism, launched in 2022, was developed to combat financial fraud across international borders. It accelerates the process of intercepting illicit financial transactions by leveraging Interpol’s global police network. This mechanism allows for swift communication and action between member nations, enabling them to effectively freeze and recover funds involved in financial crimes such as business email compromise scams.
Read more: UK government launches AI cybersecurity codes of practice
