United States Files Forfeiture Action to Recover Over $5M of Funds Traceable to Business Email Compromise Scheme Targeting Massachusetts Workers Union
The Justice Department filed a civil forfeiture action today to recover approximately $5,315,746.29 of funds alleged to be proceeds of a business email compromise (BEC) scheme and property involved in the subsequent laundering of the proceeds.
According to the complaint, in January 2023, a workers union based in Dorchester, Massachusetts, was defrauded out of $6.4 million after it received a spoofed email, which appeared to be from its investment manager. The email allegedly changed the beneficiary bank account of the $6.4 million payment.
The complaint alleges that the email had the intended effect of misleading the workers union into transferring funds to a bank account controlled by someone other than the intended recipient.
The complaint further alleges that the fraudulently obtained funds were then transferred through a series of intermediary bank accounts, with some funds transferred, or attempted to be transferred, to a cryptocurrency exchange or to various bank accounts located in Hong Kong, China, Singapore, and Nigeria.
Investigators were able to trace proceeds of the scheme to seven domestically held bank accounts, the contents of which were subsequently seized.
Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division; Acting U.S. Attorney Joshua S. Levy for the District of Massachusetts; and Special Agent in Charge William Mancino of the U.S. Secret Service made the announcement.
The U.S. Secret Service is investigating the case.
Trial Attorneys Jasmin Salehi Fashami and Adrienne E. Rosen of the Criminal Division’s Money Laundering and Asset Recovery Section and Assistant U.S. Attorney Matthew Lyons for the District of Massachusetts are prosecuting the forfeiture.
A BEC scheme is a type of sophisticated fraud scheme targeting businesses that use wire transfers as a form of payment. BEC schemes affect large global corporations, governments, and individuals, with current global daily losses estimated at approximately $8 million. Criminals compromise legitimate business email accounts through various hacking schemes, including social engineering and the use of malware.
Once a business email account is compromised, a fraudulent email is sent directing the recipient of the email to unwittingly transfer funds to an illicit account. Alternatively, criminals create “spoofed” email domain names to trick people into thinking they know the sender. An email domain name is the part of an email address that comes after the “@” symbol.
In email spoofing, one character in an email address is often changed or missing, thereby tricking the recipient. Criminals obtain and use privileged information to convince BEC email recipients that the transfer instructions are legitimate.