Category Archives: Business Email Compromise (BEC)

The Justice Department is ramping up its crackdown on money mules

Posted on by

U.S. law enforcement recovered nearly $3.7 million in fraud proceeds and charged more than 30 individuals for their alleged involvement in receiving or transferring illicit proceeds over the past 10 weeks. The arrests, announced Friday, were part of the Justice Department’s “Money Mule Initiative,” which is aimed at cracking down on Americans who assist international fraudsters in moving funds from victims of a wide variety of fraud efforts, including romance scams and business email compromise schemes. The initiative in total targeted 4,757 individuals involved in “money mule” activity, more than twice the number of individuals reached by last year’s initiative. Actions were taken in all 50 states. Twenty-five members of Europol also cooperated in the action. “Every time an individual who has previously been operating as a money mule stops doing so, foreign fraudsters are forced to expend time and effort rebuilding that infrastructure differently,” said a Justice Department official […]

The post The Justice Department is ramping up its crackdown on money mules appeared first on CyberScoop.

Continue reading The Justice Department is ramping up its crackdown on money mules

Months-long Interpol crackdown nets more than 1,000 online fraud arrests

Posted on by

An Interpol operation to combat online fraud concluded with the arrests of 1,003 people and the interception of $27 million in illicit funds, according to the international police organization, which conducted the crackdown alongside 20 countries. Waged from June to September of this year, “Operation HAECHI-II” targeted online crime like romance scams, investment fraud and money laundering associated with illegal online gambling. But it also turned up a business email compromise scheme in Colombia and led to alerts about malware tied to the popular Netflix show “Squid Game.” Interpol said the crackdown demonstrated how cybercrime has risen to new levels since the outbreak of the coronavirus. It’s the latest international warning about how the pandemic has fueled a crime wave, even setting aside attacks targeting the health care sector or exploiting COVID-19 that have flourished over the past two years. “The results of Operation HAECHI-II show that the surge in […]

The post Months-long Interpol crackdown nets more than 1,000 online fraud arrests appeared first on CyberScoop.

Continue reading Months-long Interpol crackdown nets more than 1,000 online fraud arrests

Former TD Bank, Bank of America employee allegedly helped email scammers launder money

Posted on by

An accused money launderer allegedly used his position as an employee at Bank of America and TD Bank to aid an email fraud scheme that scammed five businesses out of more than $1 million. The U.S. Department of Justice announced Thursday that a grand jury had returned an indictment against three men — Onyewuchi Ibeh, Jason Joyner and Mouaaz Elkhebri — charging them with money laundering and aggravated identity theft. The defendants allegedly operated a business email compromise scheme, in which thieves pose as a business or associate in an email then ask a victim to wire up to hundreds of thousands of dollars at a time. Elkhebri, a 30-year-old resident of Alexandria, Va., used inside access at Bank of America (where he worked as a personal banker and relationship manager from 2015 through 2017) and then TD Bank (where he worked from 2017 through 2018) to open multiple accounts […]

The post Former TD Bank, Bank of America employee allegedly helped email scammers launder money appeared first on CyberScoop.

Continue reading Former TD Bank, Bank of America employee allegedly helped email scammers launder money

Police say scammers who used email fraud, SIM swapping are connected to Italian mafia

Posted on by

Police in Europe have arrested more than 100 people who allegedly stole more than $11 million in a years-long fraud operation that law enforcement officials have linked to an Italian mafia group. Officials in Italy and Spain arrested 106 suspects who are accused of using phishing, credit card fraud and other cybercrime techniques in conjunction with drug trafficking and property crime, according to the European law enforcement agency Europol. Thieves used business email compromise schemes and SIM swapping — in which scammers take control of a victim’s phone number to steal sensitive information — before laundering the funds via a network of shell companies and money mules, police said in a statement Monday. The bust is the latest evidence hinting at the extent to which established organized crime groups are adopting the methods typically used by hackers. While scammers are known to operate in loose crime rings in Russia, Nigeria […]

The post Police say scammers who used email fraud, SIM swapping are connected to Italian mafia appeared first on CyberScoop.

Continue reading Police say scammers who used email fraud, SIM swapping are connected to Italian mafia

European police round up 23 suspected scammers accused of $1.2 million fraud

Posted on by

An international police sting netted 23 arrests in three countries of suspects behind a business email compromise scheme that last year turned to capitalizing on COVID-19 fears, Europol announced on Wednesday. Together, the fraudsters are believed to have stolen at least $1.2 million from companies in 20 countries, mainly European and Asian nations, the European Union police agency said. The scheme relied on use of compromised email accounts for advance-payment fraud, Europol said. The suspects created fake emails and websites that resembled those of legitimate companies to trick victims into placing orders with them. They then laundered financial data through Romanian bank accounts to ultimately withdraw money from ATMs. “The fraud was run by an organised crime group which prior to the COVID-19 pandemic already illegally offered other fictitious products for sale online, such as wooden pellets,” Europol’s announcement said. “Last year the criminals changed their modus operandi and started […]

The post European police round up 23 suspected scammers accused of $1.2 million fraud appeared first on CyberScoop.

Continue reading European police round up 23 suspected scammers accused of $1.2 million fraud

Houston man sentenced to 7 years for attempted $2 million romance scam

Posted on by

A U.S. federal judge sentenced a Nigerian national to 87 months in prison for his role in trying to steal more than $2 million from victims via romance scams and spoofed email requests for wire transfer payments. The judge on Wednesday also ordered Akhabue Ehis Onoimoimilin, who lives in Houston, to pay back nearly $900,000 to victims of the money laundering scheme to which he pleaded guilty. The indictment in the case indicates that Onoimoimilin and a co-defendant, whose name is redacted, caused $1.7 million in actual losses from the scheme. Onoimoimilin’s role involved opening bank accounts in the name of “David Harrison” to launder money for co-conspirators. Law enforcement identified more than $400,000 in attempted losses in the accounts, for which Onoimoimilin received 10 to 15% of the funds. Onoimoimilin opened the accounts in 2015, according to prosecutors. The indictment offers few details on the romance and business email […]

The post Houston man sentenced to 7 years for attempted $2 million romance scam appeared first on CyberScoop.

Continue reading Houston man sentenced to 7 years for attempted $2 million romance scam

Is Multifactor Authentication Changing the Threat Landscape?

Posted on by

Changes to the cybersecurity threat landscape are constant and dynamic: threat actor groups come and go, alter tactics, techniques and procedures (TTPs) and adjust to new defensive mechanisms. Over time, both cyber criminal gangs and nation-state actors endure arrests and swap individuals in what can appear to be an ongoing arms race between good and […]

The post Is Multifactor Authentication Changing the Threat Landscape? appeared first on Security Intelligence.

Continue reading Is Multifactor Authentication Changing the Threat Landscape?

Wine scams spiked during COVID-19 lockdown

Posted on by

Absolute monsters. Wine-themed domain registrations rose once COVID-19 lockdowns took hold, some of them malicious and used in phishing campaigns, Recorded Future and Area 1 Security said in a joint report out Wednesday. “As the interest in virtual happy hours and get-togethers increased so did the increase in wine-themed domain registrations,” the report states. Amid the COVID outbreak, alcohol has proven itself a target for hackers — but it hasn’t been clear before that scammers were trying to exploit people who were staying home and imbibing more. Alcohol delivery service Drizly, for instance, suffered a breach in July, while ransomware hit liquor and wine maker Brown-Forman around the same time. Recorded Future observed a mild jump in wine domain registrations in March of 2020, from the usual 3,000 to 4,000 per month up to nearly 5,500. April saw a bigger leap, to almost 7,200, and the numbers took off in […]

The post Wine scams spiked during COVID-19 lockdown appeared first on CyberScoop.

Continue reading Wine scams spiked during COVID-19 lockdown

BEC scammer infects own device, giving researchers a front-row seat to operations

Posted on by

In some media portrayals, criminal and state-backed hackers are invariably depicted as cunning and sophisticated, gliding inexorably toward their latest data heist. Reality is murkier. These digital operatives are, of course, human and prone to mistakes that expose their activity. A North Korean man accused of hacking Sony Pictures Entertainment in 2014, for example, mixed his real identity with his alias in registering online accounts, making it easier for U.S. investigators to track him. The most recent example of bumbling digital behavior occurred when a scammer infected their own device, offering researchers a front-row seat to the attacker’s scheme and lessons  in how to defend against it. “This is a big failure in their operational security as it gives us direct insight into some of the attacker’s tactics and operation,” said Luke Leal, a researcher at web security firm Sucuri, which made the discovery. The attacker was trying to carry […]

The post BEC scammer infects own device, giving researchers a front-row seat to operations appeared first on CyberScoop.

Continue reading BEC scammer infects own device, giving researchers a front-row seat to operations

Nigerian man sentenced 10 years for $11 million phishing scam

Posted on by

A Nigerian national, Obinwanne Okeke, has been sentenced to 10 years in prison for allegedly coordinating an international spearphishing campaign that has cost victims approximately $11 million in losses. The scheme, which lasted from 2015 to 2019, targeted Unatrac Holding Limited, a British firm that acted as the export sales office for Caterpillar, with fake invoices and wire transfer requests. The FBI opened an investigation into the alleged scam in 2018 after Unatrac raised alarm about an email compromise operation that had targeted the firm, according to court documents. The scheme collected the credentials of hundreds of victims over the course of the operation, according to the FBI press release on the matter. It’s the kind of business email compromise scam that plagues businesses around the world. There were $1.7 billion worth of losses caused by BEC scams in 2019 alone, the most recent year the FBI has published data […]

The post Nigerian man sentenced 10 years for $11 million phishing scam appeared first on CyberScoop.

Continue reading Nigerian man sentenced 10 years for $11 million phishing scam