Six Houston-area men have been indicted by U.S. federal prosecutors for their alleged involvement in a six-month spree of business email compromise thefts, amounting to nearly $6 million.
The Department of Justice charged the suspects with conspiracy to commit wire fraud and conspiracy to commit money laundering. The victims of the scheme, which included a hospital, a labor union, a law firm, a real estate closing company, and a logistics company, were deceived into wiring money between July 2021 and February 2022 through emails impersonating customers and utilizing domains resembling legitimate sources.
Business email compromise has become a prevalent form of social engineering fraud, whether through spoofing legitimate addresses or hacking into inboxes. According to the FBI, companies worldwide lost $43 billion to business email compromise between June 2016 and December 2021.
Verizon’s 2023 Data Breach Investigations Report revealed that such attacks have nearly doubled in the past year, constituting approximately half of all social engineering attacks. The median cost of a business email compromise attack stands at around $50,000.
While many victims manage to recover a significant portion of their stolen funds, the alleged conspiracy resulted in total losses of $2.66 million, despite the victims clawing back $3.14 million, as per federal prosecutors. The suspects attempted to evade detection by transferring stolen money from accounts opened with false identities to bank accounts held in their legal names.
Additionally, they made cash withdrawals below the $10,000 threshold that would trigger an automatic currency transaction report review.
Authorities have identified at least one more member of the criminal gang involved, referred to as an unnamed co-conspirator. Highlighting the impact of such crimes, New York Police Commissioner Keechant L. Sewell emphasized that business email compromise and money laundering schemes, though lacking in violence, are far from victimless and can have devastating consequences for organizations and individuals who become targets.
