Security
Headlines
HeadlinesLatestCVEs

Headline

Romance scammer given 25 years of alone time

Categories: News Tags: Scam

Tags: spam

Tags: phish

Tags: BEC

Tags: business email compromise

Tags: romance

Tags: fake

Tags: fraud

Tags: wire

Tags: money mule

We take a look at a scammer, involved in both BEC fraud and romance scams, who has been jailed for a whopping 25 years.

(Read more…)

The post Romance scammer given 25 years of alone time appeared first on Malwarebytes Labs.

Malwarebytes

Romance scams are often low risk, high reward strategies for ciminals, who use them to steal large sums of money from vulnerable people in the cruellest ways possible. Once the victim wires the cash, there’s a good chance that it’s never coming back. The perpetrator has almost certainly covered their tracks, and both the criminal and their stolen funds are gone forever.

Sometimes, however, it doesn’t quite go according to plan for the scammer. Maybe they get too greedy, or they make a few crucial mistakes. Occasionally, it’s a combination of both.

In this particular instance, it’s a heady mix of greed and scattering a trail to the winds, and hoping the long arm of the law doesn’t catch up.

Catch up, it did…

$9.5 million dollars later…

The US Department of Justice has put out a release which details the shutting down of a romance scam operation, and significant jail time for at least one of the perpetrators to boot. From the release:

Elvis Eghosa Ogiekpolor has been sentenced to 25 years in federal prison for money laundering and conspiracy to commit money laundering after being convicted at trial. Ogiekpolor opened and directed others to open at least 50 fraudulent business bank accounts that received over $9.5 million dollars from various online frauds, including romance frauds and business email compromise scams (“BECs”). He then laundered the fraud proceeds using other accounts, including dozens of accounts overseas.

Already we can see a mixed-bag of fake dating profiles and money muling, which often leaves the mules themselves liable for various criminal activities. There’s even some business email compromise (BEC) in there, which often involves convincing organsations to wire money at the behest of fake CEOs or people in finance. A broad range of scam types, with no other purpose than to extract as much money as possible from businesses and individuals.

No wonder, then, that $9.5 million dollars is cited in the press release.

Of romance and money mules

The romance scams focused on having the victims wire funds to bogus accounts, and mailing money to the mules. Once he was in possession of the ill-gotten gains, they were sent to accounts outside of the US and ended with big cash withdrawals and cashier cheques. Retired widows appear to have been the main target where this particular scam was concerned. This makes sense for the attacker; they’re liable to have potentially significant funds in their savings accounts. From the release:

In Ogiekpolor’s case, unsuspecting victims would typically wire funds directly into one of his fraudulent accounts, or mail checks or cash to Ogiekpolor’s money mules in Georgia. Once the fraud proceeds were posted to his accounts, Ogiekpolor laundered the funds, including wiring hundreds of thousands of dollars to overseas accounts, and withdrawing substantial amounts in cash and cashier’s checks.

No fewer than 13 romance fraud victims testified against him, yet they represented “just a small number” of victims who were defrauded by Ogiekpolor. One lost $32,000 to “replace” a part of an oil rig. Another was parted with close to $70,000 after fictitious claims relating to a supposedly frozen bank account.

These are terrible, life-ruining amounts of money to lose in this fashion.

An in-depth BEC campaign

His business email compromise sideline similarly pulled in large amounts of money from victims. Organisations believed payments sometimes hitting the “several hundreds of thousands of dollars” level were genuine payments to long-standing vendors. Many BEC scams may stop at “merely” compromising someone’s email address to make the scam look believable. Others, unable to hijack an account, will set up imitation mails instead which only look similar to the real thing.

In this case, we have someone who may have been poking around networks and emails to map out a picture of business relationships before making his move. At time of writing, no fewer than five other individuals have been convicted of conspiracy to commit money laundering in connection with the case.

All of them are based in Georgia, USA. So let this be a valuable reminder that not all romance scams operate out of non-US locations. Anyone, anywhere, can be looking to fleece widows and compromise a business network in order to secure a hefty payday.

Romance and business: a potent mix

You can see a little more of the actual texts and receipts related to this case in an article on The Register, which includes the FBI affidavit. If you’re worried about falling victim to heartstring-pulling tricksters, we have a list of actionable tips and suggestions in a recent article about Deepfake romance scams. And if BEC is concern, we’ve got you covered there too.

This isn’t the first crossover of BEC attacks and romance scams we’ve seen, and it certainly won’t be the last.

Stay safe out there!

Malwarebytes: Latest News

Spotify, Audible, and Amazon used to push dodgy forex trading sites and more