Interpol halts $40M business compromise heist in a largest-ever recovery


After a commodity firm in Singapore fell victim to a business email compromise scam and transferred $42.3 million to a fake supplier, police, with the help of Interpol, have intercepted the money in East Timor (Timor-Leste) in the largest-ever recovery.

Cybercriminals impersonated a supplier and sent a fraudulent email to the targeted firm on July 15th. They requested a pending payment to be sent to a new bank account based in Timor Leste.

The fraudulent account was spelled slightly differently than the real supplier’s official email address.

The firm, unaware, transferred $42.3 million on July 19th. Only four days later, it discovered the scam when the genuine supplier said it had not received the payment and filed a report with the police.

The Singapore Police Force (SPF) swiftly requested assistance from authorities in Timor Leste through Interpol's Global Rapid Intervention of Payments (I-GRIP) mechanism. I-GRIP speeds up police requests for assistance in financial crime cases in 196 countries.

Two days later, on July 25th, the SPF received confirmation that $39 million was detected and withheld from the fake supplier’s bank account. Timor Leste authorities also arrested seven suspects through follow-up investigations, leading to the further recovery of more than $2 million.

“Steps are being taken for the return of the stolen funds to the victim in Singapore,” the press release reads.

Interpol’s I-GRIP mechanism has helped law enforcement intercept hundreds of millions of dollars in illicit funds since its launch in 2022, according to a press release.

Some notable cases include funds recoveries in the early years of the COVID-19 pandemic, such as $3.4 million transferred from an Italian company in September 2020 for non-existent medical equipment in Indonesia. In 2024, I-GRIP helped to intercept $331,000 in a business email compromise fraud involving a Spanish victim who transferred money to Hong Kong, China.