U.S. Attorney’s Office seizes $3.5M in business email compromise scam

Westport Police aided federal agents in tracking down funds a local business lost in a business email compromise scam. Photo courtesy of Town of Westport

The U.S. Attorney’s Office has seized approximately $3,507,191 in funds stolen from a Connecticut company through a business email compromise scam, according to Vanessa R. Avery, U.S. Attorney for the District of Connecticut, and Michael J. Krol, special agent in charge of Homeland Security Investigations (HSI), New England.

According to a complaint filed Wednesday, Nov. 20 in U.S. District Court, HSI and Westport Police began investigating in July 2024 a business email scam that victimized a Connecticut business.  The probe revealed that the business had received an email from a spoofed email address, which was very similar to a general contractor’s legitimate email address, with instructions for a payment that was to be made to the general contractor.  In May and June 2024, the Connecticut business sent approximately $5.4 million to the bank account as instructed.

The company promptly reported the business email compromise to Westport Police, and HSI successfully traced the stolen money to nine separate bank accounts, which were seized by the government.  With the filing of the forfeiture complaint, the U.S. Attorney’s Office will seek to forfeit the proceeds of the crime and, should it be successful, work with the Department of Justice’s Money Laundering and Asset Recovery Section to return the money to the victim company.

“These cases demonstrate the U.S. Attorney’s Office’s commitment to helping victims of crime,” said Avery.  “Working with our law enforcement partners, we will continue to pursue criminal prosecution of the individuals responsible for these crimes, but using civil asset forfeiture, we can expeditiously recover as much stolen money as possible and return this money to victims prior to criminal convictions. ”

A business email compromise scam, which usually involves email spoofing, involves the creation of email messages with a deceptive sender display name.  When a bad actor engages in an email spoofing attack, the bad actor sends an email header that displays an inaccurate sender address, which can deceive the receiver unless they inspect the header closely.

This inaccurate sender address is usually someone the receiver knows or trusts, so the receiver might open malicious links or engage in risky behavior that the receiver would otherwise not engage in.

In this case, the bad actors impersonated one of the parties to the real transactions and replaced the intended beneficiary account with their own prior to payment.  By changing the intended beneficiary account, the bad actors commit an email scam.

“Business email compromise scams are sophisticated and difficult to detect, resulting in major losses for businesses,” said Krol.  “It is essential that businesses that have been victimized by scammers reach out to law enforcement immediately for the best chance to recover their lost funds. HSI is using innovative investigative methods to pursue business email compromise cases to get victims their money back and gather evidence to bring scammers to justice.”

To avoid becoming the victim of such a scam, verify email addresses are accurate when checking mail on a cellphone or other mobile device before you open any attachments or follow any instructions and never make any payment changes without verifying with the intended recipient by phone or in person.  If you think you have been a victim, immediately contact your bank to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity and contact local law enforcement.

Additionally, file a detailed complaint with the Internet Crime Complaint Center at www.ic3.gov.  The center is run by the FBI and serves as the country’s hub for reporting cybercrime.