Last week, the U.S. District Court for the Eastern District of Virginia has accused three men of money laundering and aggravated identity theft as part of a Business Email Compromise (BEC) campaign.
What Is BEC?
As explained by my colleague Dora, Business Email Compromise (BEC) is a type of targeted scam in which an attacker impersonates a company executive or high-level employee with the intent of defrauding or extracting sensitive data from the company or its partners.
The end goal of a BEC fraud is to persuade the target to make a money transfer or send sensitive data to the attacker while believing they are executing a legitimate and regular business operation.
According to BleepingComputer, between January 2018 and March 2020, Onyewuchi Ibeh, 21, of Bowie, Maryland, Jason Joyner, 42, of Washington, D.C., and Mouaaz Elkhebri, 30, of Alexandria, Virginia, hacked the corporate networks of small and large businesses in the United States and around the world.
Through phishing attacks or malware deployment, the three individuals compromised their victims’ computer systems, including their email servers and email accounts.
Following the initial attack, the hackers spent several months blocking communications and learning everything they could about payment systems, communication patterns, distributors, customers, people in charge