Software Engineering Institute

In June 2018, federal authorities announced a significant, coordinated effort to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals. Operation Wire Wire, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, and the U.S. Postal Inspection Service, was conducted over a six-month period and resulted in 74 arrests in the United States and overseas, including 29 in Nigeria and 3 in Canada, Mauritius, and Poland. The operation also resulted in the seizure of nearly $2.4 million and the disruption and recovery of approximately $14 million in fraudulent wire transfers. Anne Connell, a researcher in the SEI’s CERT Division, discusses the information that can be gleaned from a close examination of recent BEC attacks, including the one at the center of Operation Wire Wire and another attack involving a Texas energy company. Connell also offers guidance on how individuals and organizations can protect themselves from these sophisticated new modes of attack.