Civil complaint filed seeking over $800K from business email compromise scheme

HOUSTON, TX -- A civil complaint has been filed seeking the forfeiture of $834,157.50 seized from a bank account being used to defraud a U.S. business, announced U.S. Attorney Alamdar S. Hamdani.

A business email compromise scheme (BEC) is a sophisticated scam, often targeting businesses involved in wire transfer payments. The fraud is carried out by compromising and/or “spoofing” legitimate business email accounts through social engineering or computer intrusion techniques. It causes employees of the victim company (or other individuals involved in legitimate business transactions with them) to transfer funds to accounts the scammers control.

The complaint was filed Jan. 24. According to allegations, in or about July 2022, authorities seized $834,157.50 held in a Houston bank account. The fraudsters allegedly controlled the account even though it appeared to be that of a legitimate company. Unidentified conspirators gained access to the victim company’s computer networks, including their email servers and accounts, through phishing attacks or the use of malware, according to the complaint.

From there, the hackers allegedly identified employees responsible for financial obligations and their contacts with other companies. The complaint further alleges perpetrators created a spoofed email address, posed as a vendor to which the company owed money and tricked them into wiring funds to an account the fraudsters controlled.

Authorizes then executed a warrant and seized the funds

The Secret Service conducted the investigation. Assistant U.S. Attorney Rick Blaylock is handling the matter.

Business Email Compromise scheme can be prevented. Here are some tips:

• Independently obtain mortgage payoff statements and confirm with verified and trusted sources.

• Independently verify the authenticity of information included in correspondence and statements.

• Enable Multi-Factor Authentication (MFA) on all email accounts.

• Routinely change passwords.

• Routinely monitor email account access, check for unauthorized email rules and forwarding settings.

• Restrict wire transfers to known and previously verified accounts.

• Pay using checks when the information cannot be independently verified.

• Have a clear and detailed Incident Response Plan.

For more information visit the Secret Service’s Preparing for a Cyber Incident page. To learn more about the Secret Service and efforts to combat Business Email Compromise fraud, please click here.

A civil complaint is merely an allegation.
The government must establish that assets are subject to forfeiture.