2 min read

Bank of America employee indicted for email scam that targeted businesses

Graham CLULEY

October 12, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Bank of America employee indicted for email scam that targeted businesses

A gang of three men has been charged with laundering the proceeds of a Business Email Compromise (BEC) scam and identity theft by the US District Court for the Eastern District of Virginia.

BEC is nothing new. Scammers access the email systems of employees (via techniques including social engineering, phishing, and malware), and can spend months learning about a company's relationship with vendors and clients before tricking firms into making payments into bogus accounts.

It's one of the most serious threats facing organizations today, with the FBI estimating it caused over $1.8 billion worth of losses to businesses last year.

But the additional element in this particular case is that one of the men alleged to have been involved in the BEC scam was themselves employed at Bank of America and TD Bank employee between 2015 and 2018.

30-year-old Mouaaz Elkhebri, of Alexandria, Virginia, is alleged to have exploited his position at the banks to help scam five businesses out of more than $1.1 million.

According to prosecutors, Elkhebri's alleged role in the plot was to open multiple bank accounts that pretended to belong to legitimate companies, as well as accounts for other members of the gang.

One of those alleged co-conspirators, 21-year-old Onyewuchi Ibeh, of Bowie, Maryland, is accused of tricking firms into transferring funds into the bogus bank accounts.  This is said to have included the employment of lookalike domains to make email communications to targeted companies from supposed suppliers appear more authentic.

A third alleged member of the gang, Jason Joyner, 42, of Washington, DC, is said to have been responsible for the withdrawal of proceeds of the fraud in cash, for distribution amongst the group.

Prosecutors claim that the group targeted companies in the United States and around the world, sometimes defrauding their victims out of hundreds of thousands of dollars.

One of those victims, according to the authorities, was a Boston-based company that says it was defrauded of $356,954 in December 2018.

In the course of the police investigation, logs from the banks were analyzed to determine the IP addresses of computers logging into bank accounts, and CCTV footage was analyzed in an attempt to identify individuals who had accessed bank ATMs to withdraw money.

If convicted, Ibeh and Joyner could each face up to 20 years in prison. If convicted of all the charges against him, Elkhebri is facing a maximum possible penalty of 52 years in prison.

However, it is common for the actual sentences for federal crimes to be less than the maximum penalties.

Cases like this can act as a timely reminder for organizations to train their staff about the risks of BEC, and put processes and technology in place to reduce the chances of falling victim.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

US State Department Offers $10 Million Bounty for Tips on Conti Ransomware Members US State Department Offers $10 Million Bounty for Tips on Conti Ransomware Members
Alina BÎZGĂ

August 12, 2022

2 min read
Years after claiming DogWalk wasn't a vulnerability, Microsoft confirms flaw is being exploited and issues patch Years after claiming DogWalk wasn't a vulnerability, Microsoft confirms flaw is being exploited and issues patch
Graham CLULEY

August 11, 2022

1 min read
Creative scammers send their senior victim an Uber to take her to the bank Creative scammers send their senior victim an Uber to take her to the bank
Alina BÎZGĂ

August 11, 2022

2 min read