2 min read

Bank of America employee indicted for email scam that targeted businesses

Graham CLULEY

October 12, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Bank of America employee indicted for email scam that targeted businesses

A gang of three men has been charged with laundering the proceeds of a Business Email Compromise (BEC) scam and identity theft by the US District Court for the Eastern District of Virginia.

BEC is nothing new. Scammers access the email systems of employees (via techniques including social engineering, phishing, and malware), and can spend months learning about a company's relationship with vendors and clients before tricking firms into making payments into bogus accounts.

It's one of the most serious threats facing organizations today, with the FBI estimating it caused over $1.8 billion worth of losses to businesses last year.

But the additional element in this particular case is that one of the men alleged to have been involved in the BEC scam was themselves employed at Bank of America and TD Bank employee between 2015 and 2018.

30-year-old Mouaaz Elkhebri, of Alexandria, Virginia, is alleged to have exploited his position at the banks to help scam five businesses out of more than $1.1 million.

According to prosecutors, Elkhebri's alleged role in the plot was to open multiple bank accounts that pretended to belong to legitimate companies, as well as accounts for other members of the gang.

One of those alleged co-conspirators, 21-year-old Onyewuchi Ibeh, of Bowie, Maryland, is accused of tricking firms into transferring funds into the bogus bank accounts.  This is said to have included the employment of lookalike domains to make email communications to targeted companies from supposed suppliers appear more authentic.

A third alleged member of the gang, Jason Joyner, 42, of Washington, DC, is said to have been responsible for the withdrawal of proceeds of the fraud in cash, for distribution amongst the group.

Prosecutors claim that the group targeted companies in the United States and around the world, sometimes defrauding their victims out of hundreds of thousands of dollars.

One of those victims, according to the authorities, was a Boston-based company that says it was defrauded of $356,954 in December 2018.

In the course of the police investigation, logs from the banks were analyzed to determine the IP addresses of computers logging into bank accounts, and CCTV footage was analyzed in an attempt to identify individuals who had accessed bank ATMs to withdraw money.

If convicted, Ibeh and Joyner could each face up to 20 years in prison. If convicted of all the charges against him, Elkhebri is facing a maximum possible penalty of 52 years in prison.

However, it is common for the actual sentences for federal crimes to be less than the maximum penalties.

Cases like this can act as a timely reminder for organizations to train their staff about the risks of BEC, and put processes and technology in place to reduce the chances of falling victim.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Sydney Resident Charged for Stealing Over $100,000 in Smishing Attacks Targeting Bank and Telecoms Customers Sydney Resident Charged for Stealing Over $100,000 in Smishing Attacks Targeting Bank and Telecoms Customers
Alina BÎZGĂ

November 29, 2021

1 min read
Why you should scrutinize shipping confirmation emails this holiday season Why you should scrutinize shipping confirmation emails this holiday season
Alina BÎZGĂ

November 25, 2021

2 min read
Phishing Emails Lure Black Friday Shoppers with Fake Best Buy, Kohl’s and Ace Hardware Gift Card Giveaways Phishing Emails Lure Black Friday Shoppers with Fake Best Buy, Kohl’s and Ace Hardware Gift Card Giveaways
Alina BÎZGĂ

November 24, 2021

2 min read