Black Axe cyber-crime busts highlight transnational CEO scams
Bending the rules a bit this week, as in today’s blog we’ll delve into a likely missed but still important European-wide crime headline (albeit with the focus returning to Central Europe)--this being more arrests in a series of busts tied to the Black Axe cyber-crime gang.
The reasoning for this goes in part back to last week’s effort in that this investigator firmly believes that 1) the white-collar public (perhaps by putting a bit of effort into denial) is a bit too blissfully unaware of current hard-core crime risks and 2) ditto with regard to the international nature of ongoing scams.
So let’s talk about the Black Axe gang bust on Jan. 9. For those who have been oblivious of the notoriety of the Black Axe gang, the organized crime gang has been a plague on businesses across Europe for years. On Jan. 9, Spanish and German authorities announced the arrest of 34 suspects allegedly involved in close to EUR 5.9 mln in cyber fraud, vehicle theft and money laundering.
Believe it or not… this is small money in the world of cyber fraud (but hold your horses, as I’ll get to that, as it is just a fraction of the Black Axe machine)—but also… there is cyber fraud and there is cyber fraud. And there are Nigerian gangs and there are… Nigerian gangs with a wider view.
So here is where we get relevant. The Black Axe network long specialized in social engineering scams. This means, and here we’ll quote the Irish Sun Times (and explain the relevance of that paper shortly), that the chief scam was the “business email compromise — involves cloning emails of legitimate companies and convincing them to change their supplier’s bank details. The fraudsters then ask the clients to send their payment to the different account in Ireland that they have control of. And once the cash lands, it is sent to places like the UK and Portugal.”
Now the Irish and continental side (and the relevance I’ve been harping about): As stated, the Spanish-German bust is small potatoes. In fact, the Black Axe gang has been on the radar, and incredibly successful for years, with the Irish Garda having as of last year some 1,000 on a suspect list and sometimes busting up to 300 persons at a time. Additionally, the gang easily could score some EUR 50-100 mln a year, primarily using the email break-in scam, with proceeds then diverted to the UK and Portugal.
Then again, even that estimate may be on the downside, with the Sun noting that Irish fraud exceeded EUR 200 mln a year in 2023—and that was 40 percent under the norm.
Finally, the gang members have hardly always been Nigerian, and they were not afraid to recruit other nationalities and specialists to make their business-targeted scams work. Tied to the Black Axe have been a wide assortment of nationalities all carving out painful and damaging pieces of the pie.
Yet sorting out just who is who can also be problematic, as evidenced by local… successes on the part of Central European police forces. In one case that I highlighted approximately a year ago, the Polish CBSP shut down a local phone-app scam group, but remarkably, of the nearly 30 persons arrested only two had ever met in person. Even more shocking—of the remaining suspects none knew the real identity of the other members of the group. They were all using nicknames and the deep web. Had they not been “brought together” by Polish police, they would have never gotten to know each other at all.
(I really do need a “sarcasm font” for these articles).
But hey, they’ve probably gotten to know each other by now.
But back to the international nature of the Black Axe, as well as other social engineering gangs. Some time back Yours Truly, together with two other Polish detectives, was called to track a diverted truck of goods from a major company here. That truck went straight through France to the UK to a kind of illegal hub that saw surprising traffic. In the end, and in cooperation with a UK surveillance team, Yours Truly obtained photos of the gang--which had directed the truck driver to the equivalent of a junk yard after having intercepted him in cahoots with the security outfit at a legitimate logistics center.
In the end (but with quite a bit of pushing from our side), the UK Serious Fraud Squad became involved, but what was interesting was that at least three other Polish companies turned out to have been hit. All by the same gang, which had not only broken into email chains but had also, in at least one case, used a Polish insider to understand the payment system and signoffs in the victimized company.
And then there was the rather bizarre turn of events that saw Yours Truly speaking on the phone with a Nigerian scammer who believed that yes, this investigator was a Polish truck driver lost on the way to the illegal hub.
In short, manufacturers take note: stick to your processes. Look out for “rush orders” that seem to be exceptions. Hire IT staff who actively monitor mail traffic and, if there are even the slightest of doubts (for example, a strange bump in orders prior to long weekends), take a second look at the email addresses and websites of those you believe to be bona fide partners.
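That second look at partner email addresses can be partly automated by whoever monitors the mail traffic. The Python below is an added example, not code from this blog's author: it flags a sender domain that nearly matches a known partner, a Reply-To that points elsewhere, and a request to change bank details. The partner domains, keyword pattern and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values: allow-list of genuine partner domains, wording of a payment-change request.
KNOWN_PARTNERS = {"acme-logistics.example", "nordsteel.example"}
BANK_CHANGE = re.compile(r"\b(new|changed?|updated?)\b.{0,40}\b(bank|account|iban)\b", re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if the header is absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def lookalike_of(domain):
    """Partner domain that `domain` nearly matches, or None if exact or unrelated."""
    if domain in KNOWN_PARTNERS:
        return None
    near = [p for p in KNOWN_PARTNERS if edit_distance(domain, p) <= 2]
    return near[0] if near else None

def review(raw_message):
    """Reasons this message needs a call-back to the partner before any payment."""
    msg = message_from_string(raw_message)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    reasons = []
    if lookalike_of(sender):
        reasons.append(f"sender domain {sender} resembles {lookalike_of(sender)}")
    if reply_to and reply_to != sender:
        reasons.append(f"Reply-To domain {reply_to} differs from sender")
    if BANK_CHANGE.search(msg.get_payload()):
        reasons.append("asks for a change of bank details")
    return reasons

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Accounts <billing@acme-1ogistics.example>\n"
           "Reply-To: billing@mailbox.example\nSubject: Rush order\n\n"
           "Please use our new bank account for this payment.\n")
GENUINE = ("From: Accounts <billing@acme-logistics.example>\nSubject: Invoice\n\n"
           "Invoice attached, payment terms unchanged.\n")
if __name__ == "__main__": print(review(SPOOFED))
```

Any message that returns a non-empty list is one to confirm by phone, using a number already on file rather than one given in the email.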
And make sure your logistics teams know there will never, ever be any diversion from delivery routes. Logistics centers will simply never be too full.
Otherwise… yes, a detective born in Texas speaking to a Nigerian in the UK about a diverted haul of goods that should have been originally bound to an Irish company. And the entire conversation was in Polish. (Ok, the Nigerian did have a bit of help from some unknown Polish female translator, but give him credit, he did speak a bit of Polish as well).
It's a strange world, my friends. Strange job as well.
Preston Smith is a licensed investigator based in Gdansk, Poland. He can be reached at query@cddi.pl.
Illustration of the Sicilian Mafia under arrest circa 1903 by Kurzon, Public domain, via Wikimedia Commons.

