US DOJ Indicts 6 for $6M Business Email Compromise ScamAlleged Conspirators Each Face Up to 40 Years in Prison
U.S. federal prosecutors unsealed indictments Wednesday against six Houston-area men for an alleged six-month spree of business email compromise thefts adding up to nearly $6 million.
The Department of Justice indicted the men on charges of conspiracy to commit wire fraud and conspiracy to commit money laundering.
See Also: Email Reporting and Remediation
The suspects - Salif Ndama-Traore, 39; Kyle Emordi, 26; Keith Emordi, 29; Amadou Tidiane Ba, 35; Mohammed Nabi Elikplim Akinotcho, 33; and Ibrahim Bocoum, 32 - each face a maximum sentence of 40 years in prison. Law enforcement arrested the alleged conspiracy members Wednesday.
Alleged victims include a hospital, a labor union, a law firm, a real estate closing company and a logistics company. Conspiracy members allegedly fooled them into wiring money between July 2021 and February 2022 by impersonating customers via emails that came from domains closely resembling legitimate sources.
Business email compromise is a mainstay of social engineering fraud, whether it's conducted through spoofing a legitimate address or hacking into an inbox. Companies across the globe lost $43 billion between June 2016 and December 2021 to business email compromise, the FBI said last year warned. Verizon's 2023 Data Breach Investigations Report found business email compromise attacks nearly doubled in the past year and now comprise about half of all social engineering attacks. The median cost of a BEC attack is about $50,000 (see: Verizon: When Ransomware Attacks Cost, They're Costing More).
A majority of victims are able to recover more than two-thirds of their stolen money, the Verizon report said. Federal prosecutors said the victims of this alleged conspiracy clawed back $3.14 million, resulting in total losses of $2.66 million.
Prosecutors were likely to identify members of the conspiracy since they had transferred stolen money from accounts opened with false identities to bank accounts held in their legal names. They attempted to skirt notice by making cash withdrawals below the $10,000 threshold that prompts an automatic currency transaction report review.
There is at least one other member of the alleged criminal gang, whom prosecutors identified only as an unnamed co-conspirator.
New York Police Commissioner Keechant L. Sewell said the number of online criminals is growing. "Business email compromise and money laundering schemes, although not violent, are not victimless and can be devastating to the organizations and individuals who fall prey to them," she said.