The U.S. Department of Justice has sentenced 31-year-old Malachi Mullings from Sandy Springs, Georgia, to 10 years in prison for his role in laundering over $4.5 million through business email compromise (BEC) and romance scams. Mullings, who pleaded guilty to the charges in January 2023, managed the fraudulent proceeds by opening 20 bank accounts under a non-existent company named The Mullings Group LLC. This scheme was operational from at least 2019 to July 2021 and targeted various entities, including a healthcare benefit program and private companies.
BEC scams typically involve cybercriminals using social engineering tactics to deceive executives and employees into transferring money or sensitive information to accounts under the attackers’ control. Mullings and his co-conspirators exploited these methods to defraud their victims, often using compromised email accounts to send phishing emails that prompted vendors to make wire transfers or change banking details. The ill-gotten gains were then laundered through various financial transactions, with some proceeds being used to purchase luxury items such as expensive cars and jewelry, including a Ferrari bought with $260,000 obtained from a romance scam.
In a related case, a Russian citizen named Evgeniy Doroshenko, also known as FlankerWWH, has been indicted in the U.S. for his role as an access broker. Doroshenko allegedly broke into corporate networks and sold access to these networks on cybercrime forums between February 2019 and May 2024. He faces charges of wire fraud and computer-related fraud, each carrying a maximum sentence of 25 years in prison and a $250,000 fine or twice the gross amount of gain or loss resulting from the offense. Doroshenko remains at large, continuing the international pursuit of cybercriminals involved in such sophisticated schemes.
The Department of Justice’s actions highlight the growing threat of cybercrime and the importance of robust cybersecurity measures. As cybercriminals continue to evolve their tactics, including using advanced social engineering techniques and leveraging online forums for illegal activities, it becomes increasingly crucial for organizations to enhance their cybersecurity protocols and remain vigilant against potential threats.
