As per an indictment from the district court of Eastern Virginia, three men are charged with money laundering and identity theft cases, as they stole over $1.1 million between 2015 to 2018, through BEC scams. The three men used phishing attacks and malware to compromise the email credentials of employees, belonging to small and large companies in the US. They then studied the workflow carefully to craft a plan, that would divert the supposed fund to their bank accounts.
A Classic Business Email Compromise Scam
BEC (Business Email Compromise) is a scheme where malicious people intercept general financial transactions, by impersonating receivers and divert the flow of funds to their bank accounts. This would take off by compromising the receiver’s business email and contacting the sender to release the supposed funds to the said bank account. They may use various techniques like dropping malware, snooping, phishing attacks, etc to compromise the concerned email account. In today’s case, the US district court in Eastern Virginia has handed an indictment calling Onyewuchi Ibeh, Jason Joyner, and Mouaaz Elkhebri, as culprits of a classic business email compromise hack. These three men have allegedly infiltrated the networks of several small and large companies around the world, and in the US, between January 2018 and March 2020. They accessed the email accounts of critical employees and spent months learning the billing systems, style of communication, vendors, clients, etc. And once they’re done, they had sent bogus emails to financial transaction-handling employees, asking for releasing the supposed payment funds. They managed to gain over $1.1 million in this manner, with one transaction weighing about $356,954, sent by a victim. Each one of the three had a different role in processing the scam, with Elkhebri being the bank employee of TD and Bank of America, opened bank accounts for his partners. While the other two were involved in money laundering, withdrawing the funds from ATMs, and sending cash to others. And if found guilty, these two can face an imprisonment sentence of upto 20 years, with Elkhebri facing upto 54 years, maximum as per law.