Tuesday, June 25, 2024

$50 Million in BEC Losses

The Eastern District of New York has announced charges against four men for their roles in Business Email Compromise (BEC) and romance scams.

https://www.justice.gov/usao-edny/pr/four-individuals-charged-connection-business-email-compromise-schemes-and-related-0

The US Attorney's Office press release states: 

Defendants Allegedly Participated in Fraudulent Schemes That Resulted in More Than $50 Million in Losses by Victims in New York City and Across the Country

Today, indictments were unsealed in federal court in Brooklyn charging four defendants for their participation in a series of fraudulent business email compromise (BEC) schemes and related romance schemes that resulted in more than $50 million in losses by individuals and small businesses located within the Eastern District of New York and throughout the United States. 

The first defendant, Animashaun Adebo, also known as Kazeem and Kazeem Animashaun, was arrested in Chicago and posted $1 million in bail on the surety of three co-signers, including Toyosi Abdul who appeared in person on 20JUN2024.  He is charged in an indictment along with Idowu Ademoroti, with five unnamed co-conspirators -- three from Nigeria (one living in the US), one from Cameroon (living in the US), and one from Germany (living in the US.)  ADEMOROTI is described as being 31 and living in Milwaukee, Wisconsin and Atlanta, Georgia. 

Adebo and Ademoroti are charged with operating an illegal money transmitting business and receiving and laundering funds from BEC and Romance Scams, including real estate transactions.  One example is from a July 2021 real estate deal where a home was being purchased in Brooklyn, New York.  A wire for $450,000 was misdirected after fraudulent emails told the buyer to wire the funds to the wrong location.  The funds were then used to write three cashier's checks payable to Q&A LLC, a corporation registered to ADEMOROTI. 

Wisconsin.gov: Q&A LLC Entity ID: Q005966, created 31JUL2020


A second example followed the same model, with $1,319,669 being wired to the wrong location for the purchase of construction equipment. Some of those funds were used to purchase three luxury wrist watches for $319,000 which were provided to ADEBO.  

In a third example, a worker in a veterinarian clinic was convinced to send pharmaceutical payments to the wrong bank account, and made payments of $459,453 (around 24MAY2021) and $1,117,036 (around 03JUN2021) to the wrong address.  Those funds went to a bank account belonging to a romance scam victim! The victim believed he was in love with a "Nicole Newton" who was using a variety of schemes to extract money from him. These funds were used to send wires, write checks, and purchase and transfer cryptocurrency.  Two of those checks, for $137,500 and $157,300, were sent to Q&A LLC, at a Chicago address and deposited into accounts controlled by ADEMOROTI. 

In a fourth example, a California title insurance company was convinced to wire $3,920,275 to a fake escrow attorney related to a legal settlement between two companies. Some of these funds were also sent, at ADEBO's direction, to Q&A LLC in Chicago.  Many of these funds were converted to Naira and deposited into bank accounts in Nigeria. 

Nigerian Co-Conspirators Unveiled

Noguan Marvellous Eboigbe, who used aliases Randall Olson, Martin Roberto, and Carlos Eduardo, lived in Nigeria and was the one who conducted the email scams mentioned above. In one case he posed as the lawyer Randall Olson, with email randallolson648@gmail.com, to give the false information for the payment of construction equipment. In another, he used the email olsonrandalls@aol.com to send an additional $500,000, also for construction equipment. Using the email mroberto@martirosoft.com and the name Martin Roberto, he caused $1.2 Million to be misdirected. Using the email "c.eduardo@carsotecnologia.com" he caused a $3.9 Million payment to be misdirected. In interactions with six victim law firms, EBOIGBE caused more than $10 Million to be sent to the wrong bank accounts, some of which flowed into the accounts of the other co-conspirators.

Nelson Ojeriakhi used aliases Ojeey Mami and Oba Millie to conduct BEC scams. Claiming to be a lawyer and using the email closingoffices@gmail.com, OJERIAKHI caused a New York-based couple to wire $450,000 to the wrong account. The indictment demonstrates that at some point OJERIAKHI or his co-conspirators were able to access the real estate broker's email account and add mail rules causing any emails from the legitimate parties in the transaction to be deleted.
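
A defender can audit for the mail-rule technique described above by reviewing every mailbox rule that hides mail from known transaction parties or about payments. The following is an added example, not taken from the indictment or from any mail platform; the `InboxRule` record, the folder and keyword lists, and all `example` addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical, vendor-neutral rule record (not any mail platform's schema);
# map your platform's inbox-rule export onto these fields.
@dataclass
class InboxRule:
    name: str
    from_contains: list = field(default_factory=list)
    subject_contains: list = field(default_factory=list)
    actions: list = field(default_factory=list)  # "delete" or "move:<folder>"

# Assumed tuning lists; adjust to your environment.
LOW_VISIBILITY_FOLDERS = {"deleted items", "junk email", "rss feeds", "archive"}
PAYMENT_WORDS = {"wire", "payment", "invoice", "escrow", "closing"}

def hides_mail(action):
    """True if the action removes a message from the user's normal inbox view."""
    kind, _, folder = action.lower().partition(":")
    return kind == "delete" or (kind == "move" and folder.strip() in LOW_VISIBILITY_FOLDERS)

def assess(rule, counterparties):
    """Return the reasons a rule looks like suppression of deal correspondence."""
    if not any(hides_mail(a) for a in rule.actions):
        return []
    reasons = []
    senders = [s.lower() for s in rule.from_contains if s]
    hits = sorted(c for c in counterparties if any(s in c.lower() for s in senders))
    if hits:
        reasons.append("hides mail from known counterparties: " + ", ".join(hits))
    words = sorted(w for w in PAYMENT_WORDS
                   if any(w in s.lower() for s in rule.subject_contains))
    if words:
        reasons.append("hides payment-related subjects: " + ", ".join(words))
    return reasons

# Constructed sample data: the legitimate parties to a deal and one mailbox's rules.
COUNTERPARTIES = {"buyer@homebuyer.example", "attorney@sellerlaw.example"}
RULES = [
    InboxRule(".", from_contains=["@sellerlaw.example", "buyer@homebuyer.example"],
              actions=["delete"]),
    InboxRule("newsletters", from_contains=["news@listings.example"], actions=["move:Archive"]),
    InboxRule("x", subject_contains=["Wire instructions"], actions=["move:RSS Feeds"]),
]

def findings(rules=RULES, counterparties=COUNTERPARTIES):
    scored = {r.name: assess(r, counterparties) for r in rules}
    return {name: why for name, why in scored.items() if why}

if __name__ == "__main__":
    for name, why in findings().items():
        print(repr(name), "->", "; ".join(why))
```

The benign "newsletters" rule also moves mail out of the inbox but is not reported, because it touches neither a counterparty nor a payment keyword.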


The indictment against OJERIAKHI shows several additional examples with victims being tricked into misdirecting funds including another $690,000, $114,000, and $120,000. 

Strange Co-Conspirator: the 79 Year Old Woman from Germany 

The German co-conspirator charged in this case was Franziska Von Greve-Dierfeld, who was 79 years old. In April 2021, Franziska created a Chicago-area bank account for a company called Enbro LLC, claiming she was in the business of wholesale fabrics and furniture. The account received multiple deposits, none of which were related to the stated business purpose: $360,000 from an attorney in Seattle, Washington, $340,000 more from the same attorney, and $996,240 from an organization in Philadelphia. Franziska created additional businesses and opened accounts at additional banks, also receiving, for example, two wires totaling $2,277,090.99 from a grocery store in Iowa; $910,000 from a jewelry store in Queens, New York; and $93,700 in a cashier's check. She was arrested on 25MAY2022 in Pennsylvania and released 23AUG2023 with the sentence of "time served" and a forfeiture order for $2.3 Million before being "Judicially Removed" from the United States and sent home to Germany.

I anticipate that as this case moves forward, we'll find Franziska was a Romance Scam victim who got caught up in the conspiracy. 



Monday, June 24, 2024

Millions and Millions of Fraud Domains: China attacks Illegal Gambling and Telecom Fraud

Last week I was reviewing a publication by the United Nations Office on Drugs and Crime published in January 2024, titled "Casinos, Money Laundering, Underground Banking, and Transnational Organized Crime in East and Southeast Asia: A Hidden and Accelerating Threat."

(URL to the UNODC report: UNODC: Casinos, Money Laundering, Underground Banking ... full report)

(URL to the USIP report: https://www.usip.org/node/160386 )


The reason I was looking into the report is that this 106-page report is about how Chinese organized crime has planted themselves in Casino complexes across Cambodia, Indonesia, Lao PDR, the Philippines, Thailand, and Viet Nam. This is the same modus operandi that we associate with the crypto investment scams that use the horrible name "pig butchering" to describe the financial grooming that leads to the complete financial devastation of so many Americans. In fact, I discovered the UN report only by seeing it quoted in the report by the United States Institute of Peace, "Transnational Crime in Southeast Asia: A Growing Threat to Global Peace and Security," where it was mentioned in a footnote.


Examining Chinese Ministry of Public Security reports

The UNODC report shares statistics from a Ministry of Public Security of China note, without providing a URL, that "between January to November 2023, authorities in the country successfully resolved 391,000 cases related to telecommunications and network fraud, totaling the arrest of 79,000 suspects, including 263 'backbone members or paymasters' of cyberfraud groups" (in the countries mentioned above.) This included:

  • interception of 2.75 BILLION fraud calls
  • interception of 2.28 BILLION fraud messages
  • the removal of 8.36 million fraud-related domain names
  • and 328.8 billion yuan (US $46 billion) in funds related to fraud cases.

Since I am working on a project that we call "Twenty Targets for Takedown" that is attempting to shut down illicit websites by terminating their domain registrations and hosting arrangements, the number "8.36 million fraud-related domains" made me shudder. I am fortunate to count among my network some of the leading experts in domain-name related fraud and abuse. The number seemed overwhelmingly high, and I asked my colleagues from CAUCE, the Coalition Against Unsolicited Commercial Email, for assistance in looking into it. One quick opinion was that this could include a definition of domain name that would be more akin to a hostname, similar to what we have on Blogspot. "garwarner.blogspot.com" is a hostname on the domain "blogspot.com" ... but some would call it a "fully qualified domain name" and consider it a separate FQDN from other xyz.blogspot.com or abc.blogspot.com "domains." John Levine helped me solve the "did they really mean millions, or is this possibly a bad translation" question by helping me find the Ministry of Public Security site where the article was coming from and sharing several updated versions of these statistics.
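
How much the choice of definition moves a "domains" count can be shown on a small list. This is an added example, not part of the UNODC or MPS material: the suffix table is a constructed stand-in for the full Public Suffix List, and the `.example` hostnames are placeholders.

```python
# Constructed mini suffix table for illustration; a real count should load the
# full Public Suffix List. "private" marks operator-run suffixes such as
# blogspot.com; ".example" is a reserved TLD standing in for a real one.
SUFFIXES = {
    "com": "icann", "example": "icann", "co.example": "icann",
    "blogspot.com": "private",
}

def registrable(host, include_private):
    """Return the longest matching suffix plus one label, or None if no label is left."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix first
        kind = SUFFIXES.get(".".join(labels[i:]))
        if kind == "icann" or (kind == "private" and include_private):
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None

def count_three_ways(hosts):
    """Count the same list as FQDNs, as PSL-style domains, and as registered domains."""
    fqdns = {h.lower().rstrip(".") for h in hosts}
    with_private = {registrable(h, True) for h in fqdns} - {None}
    registered = {registrable(h, False) for h in fqdns} - {None}
    return {"fqdns": len(fqdns),
            "psl_style_domains": len(with_private),
            "registered_domains": len(registered)}

# Constructed hostnames; the blogspot.com names are the ones used in the text above.
SAMPLE = [
    "garwarner.blogspot.com", "xyz.blogspot.com", "abc.blogspot.com",
    "ABC.blogspot.com.",  # same FQDN as abc.blogspot.com after normalisation
    "pay.shop-a.example", "m.shop-a.example", "www.shop-a.example",
    "login.bank-b.co.example", "bank-b.co.example",
]

if __name__ == "__main__":
    print(count_three_ways(SAMPLE))
```

On this list the three definitions give 8, 5 and 3, so a published total is only comparable to another once the unit being counted is known.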


18 Million Websites! 

The latest article we can find, dated 31MAY2024, quotes Li Guozhong ( 李国中 ) the Spokesman for China's Ministry of Public Security describing their successes over the past five years. In 2021, they established a National Anti-Fraud Center which sent out 660 million notices and were able to help stop fraud against 18.44 million people. This most recent article, which is focused on fraud and doesn't mention gambling at all, says that they have "handled 18 million domain names and websites." That's a machine translation of ( 处置涉案域名网址1800万个 ). I can confirm the 18 million ... written as 1800 ten thousands - 1800万个. Handled is perhaps better rendered "disposed of" 处置 (Chǔzhì). Still unsure how to interpret 域名 ( Yùmíng - Domain name) 网址 (Wǎngzhǐ - website), but I think for now, I'm going to assume it means "URLs" or "FQDNs" as opposed to only registered domains.

The Anti-Fraud Center has intercepted 6.99 billion fraud calls and 6.84 billion text messages and intercepted 1.1 trillion yuan of funds. At current exchange rates, that would be around $151 Billion US Dollars!   

Just since July 2023, 49,000 cyber fraud suspects have been transferred to China from northern Myanmar. 82,000 criminal suspects have been arrested, including 426 key "financial backers" behind the fraud groups.

Several maps help to demonstrate what's going on in Southeast Asia: 
(Source: Figure 1 from the afore-mentioned USIP report) 

Source: afore-mentioned UNODC report -- note the Myanmar/China border, which is where most of the Chinese rescues and raids have been conducted.

How Much Fraud? $64 Billion to $157 Billion per year!


The US Institute of Peace report estimates that there are as many as 500,000 scammers deployed in the region, earning potentially $64 Billion per year in fraud. The methodology they used for this calculation came from the UNODC report above. On p. 55 of that report, the UN said that they estimated each scammer was earning between $300 and $400 per day, and that they believed there were 80,000 to 100,000 scammers working six days per week in one unnamed Mekong country. Using that estimate, they gave a "range" of $7.5 Billion to $12.5 billion in scam revenue for that country. These numbers were calculated consistently with a Chinese MPS report about an initiative they called "Operation Chain Break" which estimated that scam compounds, including gambling and cyber scams, were generating $157 Billion per year.

China's Ministry of Public Security is actively conducting military style raids to help recover these fraud suspects from northern Myanmar, where China shares a long border with the country, which remains deeply embroiled in a state of civil war. MPS is also working collectively with other Southeast Asian countries and says it has "destroyed 37 overseas fraud dens." 

China Launches Month of National Anti-Fraud Action

Today (24JUN2024) China launched a new month-long "National Anti-Fraud Action" with a nation-wide campaign that declares "Beware of new fraud methods and don't be a tool for telecom fraud." The campaign uses what China calls a "Five-In" approach, meaning that Chinese citizens will see and spread anti-fraud messages in Communities, Rural Areas, Families, Schools, and Businesses. Students will be provided materials to share with their families, Employees will be encouraged to share anti-fraud messages and materials with their families and communities, and Chinese Communist Party offices in rural areas and civic organizations will make sure the message is spread in those areas as well. The materials being prepared will be written separately to address the awareness needs of merchants, accounting personnel, minors, and the elderly, describing each fraud typology and helping to describe methods to safeguard from these typologies. A major objective will also be to help understand how to avoid becoming a "tool" or an "accomplice" of these fraud rings, who prey on the financially vulnerable to help them launder the proceeds of their crime. The Ministry of Public Security will jointly publish the "Overseas Telecom Network Fraud Prevention Handbook" with the Ministry of Foreign Affairs and the Ministry of Education to help improve prevention awareness especially for overseas students and diaspora Chinese communities. Major news media and new media platforms will continuously feature anti-fraud reports to strengthen and educate the public on fraud prevention and "continue to set off a new wave of anti-fraud among the whole people the whole society."

Gee, doesn't that sound like REACT's Erin West and Operation Shamrock -- but with the full cooperation of the Government and Society? 

The announcement of the month of National Anti-Fraud Action concludes with some more recent statistics about the work of the National Anti-Fraud Center.  Just since 2023, today's report says that they have: 
  • pushed out 420 million warning and dissuasion instructions
  • met with 14.77 million people face-to-face to give warnings 
  • made 310 million phone calls to warn victims
  • sent 230 million dissuasion text messages
  • intercepted 3.7 billion fraud calls 
  • intercepted 2.96 billion fraud-related text messages
  • blocked 11.619 million fraud-related domain names -- BLOCKED - this may mean "prevented access via Chinese Internet" -- which may mean the sites are still available to victimize foreigners
  • intercepted 452.9 billion yuan of funds ($62 Billion USD)

What does this mean to those of us in the United States? If China is doing an all-hands "Five-In" awareness campaign and deploying police for face-to-face dissuasion, the fraudsters may very realistically need to INCREASE their targeting of overseas victims to make up for the projected revenue hit this new effort may create.

To quote Director Easterly at CISA: SHIELDS UP!