An international law enforcement collaboration believes it has apprehended the ringleader behind a wave of online scams that stole more than $60 million over a three-month period from businesses and individuals across the globe.
The suspect was a 40-year-old Nigerian citizen, sources briefed on the matter told Fortune. The man, left unnamed due to the ongoing nature of the investigation, allegedly led a network of 40 coconspirators based in Nigeria, Malaysia, and South Africa that helped carry out a variety of lucrative cybercriminal schemes. The suspect also allegedly orchestrated money launderers in China, Europe, and the U.S.
Get Data Sheet, Fortune’s technology newsletter.
Two of the suspect’s main scams involved what’s known as business email compromise and CEO fraud. In the first, the fraudsters hijacked or spoofed a supplier’s email address, requested payments from target businesses, and directed the funds to phony bank accounts. In the second, the scammers—pretending to be top execs—sent emails to unwitting employees requesting fraudulent wire transfers.
Nine of the diverted payments exceeded $100,000 a piece, an investigator told Fortune. One case alone lost an organization $15.4 million.
Interpol and Nigeria’s economic and financial crime commission arrested the suspect in the Nigerian city of Port Harcourt in June, according to the authorities. Interpol said it first received a tipoff about the alleged scammer through a report provided by Trend Micro (TMICY), a cybersecurity firm based in Japan. That information, supplemented with threat intelligence sourced from the Sunnyvale, Calif.-based cybersecurity firm Fortinet (FTNT), enabled the team to identify and catch the alleged crook.
For more on cybercrime, watch:
“The financial gains for cybercrime are ludicrous,” Derek Manky, global security strategist at Fortinet, told Fortune on a phone call. In April the Federal Bureau of Investigation warned businesses that online scams of the type described above have been on the rise, costing organizations more than an estimated $2.3 billion between Oct. 2013 and Feb. of this year.
“You have to sever the head,” Manky said. “You have to go from top to bottom taking out the kingpins to take out organized crime.”
Noboru Nakatani, executive director of Interpol’s Global Complex for Innovation, an R&D facility based in Singapore, advised businesses in a statement to follow basic security measures, such as implementing two-factor authentication along with other means of verifications to avoid falling victim to similar schemes. He added: “Arrests like this are made possible by partnerships between members of the security community which come together with the common goal of making the internet a safer place.”
“The success of this operation is the result of close cooperation,” echoed Abdul Chukkol, head of the Nigerian commission’s cybercrime unit, in a statement.
Another man, a 38-year-old allegedly involved in the cybercriminal operation, was arrested as part of the sting as well. The pair of suspects, currently on bail, face charges for hacking, conspiracy, and obtaining money under false pretenses, according to statements provided to Fortune.