2 min read

Bank of America employee indicted for email scam that targeted businesses

Graham CLULEY

October 12, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Bank of America employee indicted for email scam that targeted businesses

A gang of three men has been charged with laundering the proceeds of a Business Email Compromise (BEC) scam and identity theft by the US District Court for the Eastern District of Virginia.

BEC is nothing new. Scammers access the email systems of employees (via techniques including social engineering, phishing, and malware), and can spend months learning about a company's relationship with vendors and clients before tricking firms into making payments into bogus accounts.

It's one of the most serious threats facing organizations today, with the FBI estimating it caused over $1.8 billion worth of losses to businesses last year.

But the additional element in this particular case is that one of the men alleged to have been involved in the BEC scam was themselves employed at Bank of America and TD Bank employee between 2015 and 2018.

30-year-old Mouaaz Elkhebri, of Alexandria, Virginia, is alleged to have exploited his position at the banks to help scam five businesses out of more than $1.1 million.

According to prosecutors, Elkhebri's alleged role in the plot was to open multiple bank accounts that pretended to belong to legitimate companies, as well as accounts for other members of the gang.

One of those alleged co-conspirators, 21-year-old Onyewuchi Ibeh, of Bowie, Maryland, is accused of tricking firms into transferring funds into the bogus bank accounts.  This is said to have included the employment of lookalike domains to make email communications to targeted companies from supposed suppliers appear more authentic.

A third alleged member of the gang, Jason Joyner, 42, of Washington, DC, is said to have been responsible for the withdrawal of proceeds of the fraud in cash, for distribution amongst the group.

Prosecutors claim that the group targeted companies in the United States and around the world, sometimes defrauding their victims out of hundreds of thousands of dollars.

One of those victims, according to the authorities, was a Boston-based company that says it was defrauded of $356,954 in December 2018.

In the course of the police investigation, logs from the banks were analyzed to determine the IP addresses of computers logging into bank accounts, and CCTV footage was analyzed in an attempt to identify individuals who had accessed bank ATMs to withdraw money.

If convicted, Ibeh and Joyner could each face up to 20 years in prison. If convicted of all the charges against him, Elkhebri is facing a maximum possible penalty of 52 years in prison.

However, it is common for the actual sentences for federal crimes to be less than the maximum penalties.

Cases like this can act as a timely reminder for organizations to train their staff about the risks of BEC, and put processes and technology in place to reduce the chances of falling victim.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

WhatsApp Users Can Enable End-To-End Encrypted Chat Backups on iOS and Android Devices WhatsApp Users Can Enable End-To-End Encrypted Chat Backups on iOS and Android Devices
Alina BÎZGĂ

October 15, 2021

1 min read
Google gives away 10,000 free security keys to high-risk users Google gives away 10,000 free security keys to high-risk users
Graham CLULEY

October 12, 2021

2 min read
Bank of America employee indicted for email scam that targeted businesses Bank of America employee indicted for email scam that targeted businesses
Graham CLULEY

October 12, 2021

2 min read