3 Men Charged by US DOJ With Laundering BEC Proceeds

1 Alleged Co-Conspirator Was Employed by Bank of America, TD Bank
Business email compromise attack timeline (Image source: FBI)

The U.S. Attorney's Office for the Eastern District of Virginia has indicted three men - including an ex-employee of Bank of America and TD Bank - on charges of money laundering and aggravated identity theft after the men allegedly conducted an extensive business email compromise scheme.

According to the DOJ, the three men - Onyewuchi Ibeh, 21, of Bowie, Maryland; Jason Joyner, 42, of Washington, D.C.; and Mouaaz Elkhebri, 30, of Alexandria, Virginia - laundered over $1.1 million in funds obtained fraudulently from at least five victim businesses that fell for the BEC scheme.

The affidavit filed by Ethan Papish, a special agent of the United States Secret Service commissioned by the Cyber Fraud Task Force, says that the fraud was uncovered during a joint investigation between the USSS and the United States Postal Inspection Service that began in August 2019.

The affidavit also says that a fourth man, Anthony Ayeah, was a co-conspirator, but his attorney, Drew Hutcheson, tells Information Security Media Group that Ayeah "has agreed to extensions of indictment" and was "not named in this recent indictment" because he and Hutcheson are "considering how best to proceed."

Between January 2018 and March 2020, the co-conspirators targeted employees of several large and small businesses across different industries with their BEC attacks, Papish says in the affidavit. He adds that their primary targets were employees who had access to their company's financials.

The co-conspirators would "trick [the employees] into making wire transfers to bank accounts thought to belong to legitimate business partners, when in fact, the money was fraudulently misdirected and deposited into accounts controlled by the conspirators," Papish says.

The DOJ states that Ibeh, Joyner and Elkhebri each had a well-defined role in the scheme. It says Ibeh managed the money laundering, Joyner withdrew the proceeds of the fraud in cash and delivered it to the other two conspirators, and Elkhebri opened bank accounts that could be used for wire transfer.

According to Elkhebri's employment records, which were shared in the affidavit, he worked as a personal banker and relationship manager at Bank of America from 2015 until 2017. He then joined TD Bank, where he worked through 2018. According to the affidavit, documents from both banks show that during his tenure, Elkhebri abused his power as a bank employee to open multiple accounts for the co-conspirators.

How the Attack Worked

In the affidavit, Papish explains how the conspirators successfully wired $356,954.

The fraudsters are accused of having used an email deception technique: registering look-alike domain names (i.e., misspellings with an additional letter or symbol). Using this typosquatting technique, they impersonated both the victim and its business partner, gained the trust of each, and used the domains to communicate with both, according to the affidavit.

After building sufficient trust with both parties, the co-conspirators posed as business partners and asked the victim to change the bank account number to which funds were transferred during their routine transactions, substituting a fraudulent wire transfer account, the affidavit says.

Believing these emails were legitimate communication with their business partners, the victim company transferred funds to the changed account, Papish writes in the affidavit, citing the findings from the joint investigation interview that involved the victim company's president and chief financial officer.

The incident took place between October 2018 and December 2018. The victim realized something was amiss and made a complaint in January 2019, the affidavit says.
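
The two signals the affidavit describes, a sender domain that is a near-misspelling of a known partner and a request to change payment details, can be checked together before a wire is released. The following is an added example, not taken from the affidavit or the article; the partner domains, the keyword pattern and the action names are constructed assumptions, and the edit-distance check generalizes beyond "an additional letter or symbol" to any small misspelling.

```python
import re

# Constructed allow-list: domains of partners the finance team already pays.
KNOWN_PARTNERS = {"acme-supplies.example", "northwind.example"}

# Assumed wording of a payment-detail change request; tune to local mail.
BANK_CHANGE = re.compile(
    r"\b(new|updated|changed?)\b.{0,40}\b(bank|account|wire|routing)\b",
    re.I | re.S,
)

def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, known=KNOWN_PARTNERS, max_dist=2):
    """Return the known domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in known:
        return None  # exact match is the real partner, not a look-alike
    for good in sorted(known):
        if edit_distance(domain, good) <= max_dist:
            return good
    return None

def triage(sender, body):
    """Classify one inbound message as hold / review / verify / pass."""
    imitated = lookalike_of(sender.rsplit("@", 1)[-1])
    wants_change = bool(BANK_CHANGE.search(body))
    if imitated and wants_change:
        return ("hold", imitated)    # look-alike domain asking to reroute funds
    if imitated:
        return ("review", imitated)  # look-alike domain, no payment request yet
    if wants_change:
        return ("verify", None)      # confirm out of band even for a real partner
    return ("pass", None)
```

A "verify" result reflects that a change of bank details from the genuine domain still warrants a call-back to a number already on file, since the real mailbox may itself be compromised.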

BEC Is the Costliest Threat

According to IC3, the FBI's central repository for the collection of internet crime complaints, BEC schemes were the costliest schemes in 2020, with 19,369 complaints and an adjusted loss of approximately $1.8 billion. That is almost on par with the monetary losses faced in 2019 due to BEC attacks (see: FBI: BEC Losses Totaled $1.7 Billion in 2019).

The FBI also notes BEC or email account compromise - EAC - is "one of the most financially damaging online crimes," and has thus regularly published tips and resources for taking preventive measures against it.

Nigeria Leads in BEC Schemes

According to a 2020 white paper titled "Threat Intelligence Brief: The Geography of BEC" by the Agari Cyber Intelligence Division, 50% of the threat actors that the company located were in Nigeria, followed by the U.S. with 25% (see: More BEC Criminal Gangs Are Based in US).

In November 2020, Interpol, along with Nigerian law enforcement agencies and Russian cybersecurity firm Group-IB, uncovered a massive Nigerian business email compromise gang, dubbed TMT, that targeted more than 500,000 companies and was active across more than 150 countries (see: Interpol Busts Massive Nigerian BEC Gang).

In February 2021, a Nigerian national was sentenced to 10 years in prison after pleading guilty to taking part in a business email compromise operation that extorted $11 million from its victims, according to the U.S. Department of Justice (see: Nigerian Gets 10-Year Sentence for BEC Scam).


About the Author

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.