In Latvia, the State Police have begun a criminal investigation related to a significant phishing scheme that has incurred losses of more than 317,600 euros. The investigation, which started in 2024, revealed that criminals compromised company email accounts, leading to substantial financial damages. Efforts to identify additional incidents are ongoing, and investigators are continuing to reach out to potentially affected companies.

The investigation has seen the collaboration of the State Police with Europol as they tackle this extensive cybercrime. The phishing platform, identified as "Tycoon2FA," has been operating since at least August 2023 and is regarded as one of the largest phishing operations globally. It provided cybercriminals with a toolkit designed for intercepting online authentication sessions, allowing them to secretly access email and cloud service accounts of businesses.

Utilizing this unauthorized access, the perpetrators infiltrated corporate communications and at strategic moments altered the details in invoices or replaced genuine invoices with fraudulent ones, thereby diverting payments to their accounts. Each month, the platform facilitated the distribution of tens of millions of phishing attempts, highlighting the extensive nature of this cyber threat and the financial risks it poses to businesses.