Cybercriminals Thwarted: $5 Million Recovered in Major Email Fraud Bust


The United States Attorney’s Office for the District of Massachusetts has secured the forfeiture of over $5 million, originating from victims of a sophisticated business email compromise (BEC) scheme. A BEC is a type of cybercrime where attackers use email fraud to deceive organizations into transferring money or sensitive information.

A BEC scheme typically involves several steps:

  1. Research and Targeting: Cybercriminals begin by researching their targets, often using publicly available information to identify key personnel within an organization, such as executives or finance officers.
  1. Gaining Access: Attackers may use phishing emails or malware to gain access to the email accounts of these key personnel. They might also spoof email addresses to make their communications appear legitimate.
  1. Impersonation and Deception: Once access is gained, the attackers monitor email conversations to understand the organization's processes and communication patterns. They then impersonate a trusted figure within the organization, such as a CEO or vendor, and send fraudulent emails requesting money transfers or sensitive information.
  1. Execution: The fraudulent emails often contain urgent requests for wire transfers or payments to accounts controlled by the cybercriminals. These emails are crafted to appear as legitimate as possible, sometimes even mimicking the language and style of the person being impersonated.
  1. Laundering the Funds: Once the money is transferred, it is quickly moved through a series of intermediary accounts, often across multiple countries, to obscure its origin and make recovery more difficult.
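The spoofing, impersonation and urgent-payment patterns in steps 2 through 4 leave traces in message headers that a mail filter can check. The following is an added example, not taken from the case or the original article; the domains, the protected name, the keyword list and the 0.9 similarity threshold are all assumptions chosen for illustration.

```python
import email
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumptions (hypothetical): trusted sender domains, names attackers may borrow.
TRUSTED_DOMAINS = {"union.example", "invest.example"}
PROTECTED_NAMES = {"dana reyes": "invest.example"}  # display name -> real domain
URGENCY_TERMS = ("wire transfer", "urgent", "new bank account", "today")

def domain_of(header_value):
    # Lower-cased domain part of an address header, or '' if the header is absent.
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def is_lookalike(domain):
    # True if the domain is nearly identical to, but not equal to, a trusted one.
    return any(domain != t and SequenceMatcher(None, domain, t).ratio() >= 0.9
               for t in TRUSTED_DOMAINS)

def bec_indicators(raw_message):
    """Return a sorted list of BEC indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    name, _ = parseaddr(msg.get("From", ""))
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    found = set()
    if reply_dom and reply_dom != from_dom:
        found.add("reply-to-mismatch")          # replies diverted elsewhere
    if is_lookalike(from_dom) or is_lookalike(reply_dom):
        found.add("lookalike-domain")           # e.g. one character swapped
    expected = PROTECTED_NAMES.get(name.strip().lower())
    if expected and from_dom != expected:
        found.add("display-name-impersonation") # known name, wrong domain
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(term in text for term in URGENCY_TERMS):
        found.add("payment-urgency-language")
    return sorted(found)

# Constructed sample messages (not from the case described in this article).
SPOOFED = """From: "Dana Reyes" <dana.reyes@lnvest.example>
Reply-To: dana.reyes@mailbox.example.net
Subject: Urgent: updated wiring instructions

Please send the wire transfer to our new bank account today.
"""
LEGIT = ('From: "Dana Reyes" <dana.reyes@invest.example>\n'
         'Subject: Quarterly statement\n\nThe Q4 statement is attached.\n')
```

A message that trips several indicators at once, as the constructed spoofed sample does, is a candidate for quarantine and out-of-band verification of the payment request before any funds move.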

The case began in January 2023 when a workers' union in Dorchester, Massachusetts, fell victim to a deceptive email that appeared to be from its investment manager. This fraudulent communication led to the transfer of $6.4 million to a bank account controlled by cybercriminals. The stolen funds were then laundered through a series of intermediary accounts, with attempts to move money to cryptocurrency exchanges and various international bank accounts.

Thanks to the diligent work of investigators, the proceeds of the scheme were traced to seven domestically held bank accounts, leading to the recovery of approximately $5,315,746.

United States Attorney Leah B. Foley emphasized the significance of this recovery, stating, “This case underscores the sophisticated and global nature of financial fraud schemes that prey on organizations and their hard-earned resources. Thanks to the diligent efforts of our law enforcement partners, we have successfully traced and recovered millions of dollars stolen through deception. This forfeiture serves as a stark warning: We will relentlessly pursue stolen funds – no matter where cybercriminals operate.”

The collaborative efforts of the U.S. Attorney’s Office, the Justice Department’s Criminal Division, and the United States Secret Service were instrumental in achieving this outcome.

For New England business owners, this recovery highlights the importance of staying informed, implementing strong security protocols, and fostering a culture of vigilance within organizations.