'Confidential' email is $40 million phish bait

Fraudster poses as CEO or other company official to trick employee into wiring money

By Mike Mosedale
The Daily Record Newswire

MINNEAPOLIS, MN - In an effort to recover some of the nearly $40 million that a Minnesota company lost to a sophisticated Internet scam nearly two years ago, the U.S. Attorney's Office is invoking a seldom-used civil forfeiture statute.

The action, filed in U.S. District Court of Minnesota late last month, targets $757,877 that was seized from the New York branch of Shanghai-based Bank of Communications - all that remained of the approximately $10 million that was deposited in two Chinese bank accounts by the time the victim discovered the fraud and the government executed a warrant.

Under section 981 (k) of the federal code, the government can seize illicitly obtained funds held in banks outside the U.S. by going after those institutions' interbank accounts in the U.S.

Assistant U.S. Attorney Craig Baune, who filed the forfeiture complaint, said the statute has rarely been invoked in the Minnesota district.

"In cases like this, 981 (k) is a valuable tool as well because it allows us to go straight to an interbank account when we could not otherwise get to the funds because they're located in a country where a treaty might not work," said Baune, who declined to identify the victimized company.

The funds will likely be returned to the company, he added.

Spear phishing

Benjamin Langner, an assistant U.S. attorney in the white-collar crime division, said the unnamed company fell victim to what's known as "spear phishing" - a sophisticated variation on the ubiquitous phishing scam.

"It's probably more common than you think," said Langner. "We've had some success investigating these cases and getting money back. The primary thing we need is to get contacted as soon as possible. The quicker we get information, the quicker we can attempt to retrieve the money."

With spear phishing scams, the fraudster typically spoofs the email address of a CEO or other top official at the targeted company to trick an employee into providing confidential information or even directly wiring funds to overseas bank accounts. Because spear phishing scams are not sent in mass emails like conventional phishing scams, they are less likely to be detected by spam filters.

Langner said he couldn't estimate how much money Minnesota businesses have lost to spear phishers, or comment on any other specifics about the case at hand.

"This is a fairly significant dollar value," Langner said of the $40 million lost in connection with the current forfeiture proceeding. "But there are plenty of others that occur in lower dollar amounts."

Last month, the FBI issued an alert reporting a "dramatic" surge in such CEO fraud cases, also known as "Business E-mail Compromise" scams. The agency estimates that BEC scams caused a staggering $2.3 billion in losses over the past three years alone.

"It is still largely unknown how victims are selected. However, the subjects monitor and study their selected victims prior to initiating the BEC scam," the alert states. "The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment."

That appears to be pretty much exactly what happened to the duped Minnesota business.

According to the 13-page civil forfeiture complaint, the con commenced on May 29, 2014, when a "person purporting to be the CEO" sent the company's accounts payable coordinator an email under the subject line "Confidential Matter."

"Attorney David Madison is going to contact you," the email from the fake CEO stated. "We are currently acquiring a company and so we will be needing your direct attention concerning accounting documents to finalize this acquisition. I inform you that I gave all the power to our Attorney that will be handling this operation. So please send the information and execute everything he needs."

"This is of the upmost importance, we need to file this asap and conclude with the first deposit. Attorney Madison will inform me of the evolution of this operation," the message continued. "For reason of confidentiality and to follow the strict guidelines of an Acquisition we will only be in contact by email. Any questions you may have, please address them directly to Mr. Madison. You are the only one that is aware as of now, so I would need you to keep this reserved for yourself until the public announcement."

'David Madison' calling

Not long afterward, "David Madison" telephoned the coordinator to discuss the details of the transaction.

"Madison subsequently provided the coordinator with the specific details of wire transfers that he claimed were necessary to complete the supposed acquisitions," the filing states. "In each instance, the Coordinator was instructed to make the payment in Euros to a foreign account."

Believing both the communications and the purchase were legitimate, over the next two weeks the coordinator wired over $52 million, in nine separate transactions, to banks in China and Slovakia.

Three days after the last of the transfers, the company's executives discovered they'd been swindled. They were able to recover the funds sent in the final transfer - $12.7 million to the Agricultural Bank of China - but none of the others.

The following month, according to the filing, the U.S. government served a seizure warrant on the New York branch of the Bank of Communications for $755,877 - all that remained of the more than $10 million that the company wired to the Bank of Communications' Shanghai branch in two other transactions.

Langner said such cases underscore the need for companies to educate employees about the existence of such schemes and to establish better financial controls, such as requiring multiple levels of authority to approve large transactions.

Published: Thu, May 19, 2016