The US government announced on 05 June 2024 that it had filed a civil forfeiture action to recover more than $5.3 million lost by a Massachusetts workers union in a business email compromise (BEC) scam. The unnamed union in Dorchester lost the money in January 2023 when cybercriminals sent it an email that appeared to come from a trusted investment consulting firm. The scammers used a spoofed email address to trick the workers union into believing that the investment consulting firm was requesting the transfer of $6.4 million to a bank account different from the one they had previously specified.[1]
See: https://redskyalliance.org/xindustry/cyber-criminals-using-bec
The workers union’s employees complied with the fraudsters’ request and wired the money to their account. The fraudsters then transferred the funds through a series of intermediary bank accounts. While some money was sent to cryptocurrency exchanges and bank accounts in Hong Kong, China, Singapore, and Nigeria, roughly $5.3 million was traced to JPMorgan Chase and Texas Bank and Trust bank accounts. Six accounts at JPMorgan Chase and one at Texas Bank and Trust have been seized by authorities now seeking the forfeiture of the illegally obtained funds.
A complaint made public by the US Justice Department shows that money mules made several rapid transfers between some of these accounts and dispersed funds to multiple accounts, which investigators say was an effort to conceal the source of the money. “BEC fraud schemes present a serious threat to businesses and individuals nationwide, causing significant financial and emotional harm to victims by exploiting trusted communication channels they rely upon daily,” said Acting US Attorney Joshua S. Levy. “Today’s civil forfeiture action demonstrates that when victims report such misconduct to the authorities, there may be steps we can take to recover stolen funds.”
The brains of the scam, an individual or group, recruited money mules to help carry out the fraud and launder the proceeds through various offshore accounts. It is unknown whether these mules knew the full context behind the scam. Still, authorities know the mules received messages via Google Chat and WhatsApp in or around September 2022 promising a "gift" being held for them in a European bank account. These messages seemingly convinced the mules that complying with the BEC scammer's instructions would yield a handsome payout.
The mules took out seven US bank accounts, from which various sums were transferred. Prosecutors say many of these transactions appeared to have no purpose and bore the hallmarks of attempts to conceal the source of funds before they were assigned to offshore accounts. "This money movement displays the hallmarks of intent to conceal or disguise the source of funds: the account holder did not know the source of the funds, was being directed by the unknown perpetrator, and moved the funds rapidly between multiple accounts, with no discernible purpose," the complaint reads.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Our services can help detect cyber threats and vulnerabilities. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
[1] https://www.securityweek.com/us-authorities-attempting-to-recover-5-3-million-stolen-in-bec-scam/