Gary Miller, Mishcon de Reya fraud Partner and founder of the International Fraud Group (IFG), featured on BBC World Service and National Public Radio (NPR) commenting on the arrest of a Nigerian behind thousands of online scams around the world.
The individual is alleged to have a network of 40 individuals behind global scams worth in excess of $60m. His operations centred around payment diversion fraud.
In his interviews, Gary said he was impressed that the Nigerian and Interpol authorities had managed to catch the perpetrator, stressing that in these kinds of scams it's almost impossible to find out where the fraudsters are based. He felt that the knowledge that had led to this arrest in Nigeria is useful and should be shared with other police forces around the world.
Explaining the way payment diversion fraud works, Gary said:
"Phishing or pharming are words that are used to describe quite simple confidence tricks.
"Phishing works by tricking an individual into giving away personal data over email, and sometimes giving money away in response to the email. Pharming is slightly more sophisticated. This technique involves somebody setting up a fake website which people go onto without knowing they are dealing with a bogus company. The email, however, is the fundamental tool."
"In businesses, account takeover is common. A piece of malware can be sent from anywhere in the world that, when clicked on, manages to get inside a computer system and pass over information about email accounts, allowing them to be monitored. The fraudsters then strike when an order is being placed and money needs to be sent. They impersonate the person in the company and direct money to be sent to the fraudster instead of to the company to which they are due."
Elaborating on what companies can do to protect themselves, Gary added:
"There's a myth that only the larger, multinational companies are victims of cyber fraud. That's not true at all. SMEs are more vulnerable – a scam like this could put them out of business so they really need to take their email communication and protection very seriously. The first step is to protect passwords, and then make sure you have the appropriate security. Make sure that nobody in your company is sending out passwords, or doing anything in response to an unsolicited email without some double checks in place first."