The Federal Bank That Could Not Be Robbed - SWIFT


Long before it evolved into a slick corporate Business Email Compromise / BEC.

Ultrascan investigated an ID Theft niche market for organised crime, the sending of correspondent bank payment instructions to Treasury departments of Federal Reserve and Central Banks.

Ultrascan AGI business email compromise BEC

Ultrascan / ID theft in Central Banks

Central Bank to Federal Reserve Bank Treasury ID Theft

Ultrascan AGI / Since 1996

Impersonating authorized bank officers of treasury departments, to send payment orders to (National Reserve) correspondent banks, is a specialist wire fraud problem


Ultrascan AGI / Since 1996

- Between October 2010 and December 2012 Ultrascan-KPO investigated fraudulent payment orders to treasury departments of 26 correspondent banks on 4 continents, of which 21 National Reserve banks. 

- Amounts varied between $98,000.00 and $530,000.00 in local currency.

- Banks confirmed, that the calls/fax/mails are coming directly into the appropriate officer and are NOT going through the switchboard. This creates several problems, messages not being recorded, etc.

- All contact information is only available to treasury staff, that is on their computer.

Ultrascan Techint and Humint investigations revealed:

- The IT service department, Laptops, PC's, personal and business eco systems, Treasurers signatures, current contact lists and signatures of bank division managers are compromised.

- The fraudsters researched and confirmed information through HUMINT in conversations with correspondent Banks. Learning the issues and changing their attacks based on what they got on the phone.

- Fraudsters impersonated authorized officers from "the Nostro department", called the correspondent bank treasury, explaining that they were experiencing SWIFT issues at this time.

- Minutes later, the fraudster send a fax and/or email attachment - As a result of a swift outage we are experiencing, kindly accept and execute this MT202 payment order for today's value date - on official letterhead, with validated names and signatures.

- The technical support for phone/fax numbers, email and IP addresses was covered by anonymity proxy services and paid for by a Nigerian citizen in Lagos.

- Money-laundering was coordinated via a global network of (419) Advance Fee Fraud scammers who, either direct or via money mules, operated bank accounts under befitting names in South Africa, Japan, China, Canada and several European countries.

- Over 60 beneficiary bank accounts were operated by money mules or independent business associates of the ultimate beneficiaries.

- The 3 ultimate beneficiaries originated from Nigeria, West Africa. One of them specialised in ID theft and 'bank to bank wire fraud' since 2003.

- For a large part a confidence fraud making use of the culture of confidentiality within Reserve Banks and bank treasury departments and a high level of trust between correspondent banks.

- For several reasons the perfect crime with a very Low Probability of Detection and an even lower probability of 'public prosecution'.

- ......

We recommended both internal and external solutions that led to prevention, mitigation and disruption of the fraud organisation.


FYI - At SWIFT they see as key element "attackers concealing their fraudulent messaging activity on customers’ local systems" which is true, but only secondary to the insider disgruntled employee they did not yet Identify.

Central Banks robbed in 2016:

- Malware suspected in Bangladesh bank heist: officials

- Bangladesh Central Bank Found $100 Million Missing After a Weekend Break

Subsidiaries of international research organization with over 3280 experts in 69 countries

Ultrascan Research


Examples of case research into various topics and alerts from the Ultrascan group and associates

Ultrascan Humint


Ultrascan HUMINT have primary sources, extensive experience with identifying, locating, mapping, monitoring, analysing and predicting perpetrators of money laundering and the planning, funding, communications and support of terrorism.

Ultrascan FIU


Ultrascan FIU Financial Intelligence Unit - A mixture of intelligence gathering, investigations, reputational risk mitigation and Innovative Technology in line of objectives. Focused on external information and stakeholder engagement, to detect exposure to financial crime risk.

Ultrascan Interactive Research Intelligence and Analysis BRAINS


Intelligence and Analysis. Wander Around in our Detailed Global Interactive Research - Criminal and financial relationships visualized - Non-linear - visualizes knowledge like you've never seen before - AML KYC FIU - Business Solutions - Innovative Technology