Hand holding $ symbol

The U.S. Department of Justice (DOJ) has charged ten defendants for their alleged involvement in business email compromise (BEC) schemes targeting numerous victims across the country, including U.S. federal funding programs like Medicare and Medicaid.

In total, the losses resulting from their attacks amount to more than $11,1 million, stolen by tricking the victims into redirecting bank transfers into the fraudsters' accounts.

To trick the targets into believing the payments were made to legitimate accounts, US DOJ says the attackers spoofed the email addresses of hospitals to request public and private health insurance programs to switch to new bank accounts (controlled by co-conspirators) to send payments for medical services.

"Unwittingly, five state Medicaid programs, two Medicare Administrative Contractors, and two private health insurers allegedly were deceived into making payments to the defendants and their co-conspirators instead of depositing the reimbursement payments into bank accounts belonging to the hospitals," DOJ said in a press release on Friday.

"The defendants and their co-conspirators allegedly laundered the proceeds fraudulently obtained from these health care benefit plans and from other victims by, among other things, withdrawing large amounts of cash, layering them through other accounts they or their co-conspirators opened in the names of false and stolen identities and shell companies, transferring them overseas, and purchasing luxury goods and exotic automobiles."

US DOJ unsealed charges also linked to money laundering and wire fraud schemes against the defendants in multiple states:

  • six defendants in the Northern District of Georgia (Patrick Ndong-Bike, Desmond Nkwenya, Cory Smith, Chisom Okonkwo, Olugbenga Abu, Trion Thomas)
  • one defendant in the District of South Carolina (Biliamin Fagbewesa)
  • one defendant was previously charged in the Northern District of Georgia (Malachi Mullings)
  • one previously charged in the Eastern District of Virginia (Sauveur Blanchard)
  • a third defendant previously charged in the Northern District of Texas (Adewale Adesanya) has entered a guilty plea and has been sentenced to four years in prison

Their schemes allegedly caused more than $4.7 million in losses to Medicare, Medicaid, and U.S. private health insurers and over $6.4 million in losses to U.S. federal government agencies, private companies, and individuals.

"Millions of American citizens rely on Medicaid, Medicare, and other health care systems for their health care needs," Assistant Director Luis Quesada of the FBI's Criminal Investigative Division added today.

"These subjects utilized complex financial schemes, such as BECs and money laundering, to defraud and undermine health care systems across the United States."

Business email compromise is a $43 billion scam

In May, the FBI said losses due to business email compromise (BEC) scams continue to grow yearly, with a 65% increase in identified global exposed losses between July 2019 and December 2021.

Between June 2016 and July 2019, the FBI's Internet Crime Complaint Center received complaints regarding over 241,000 domestic and international incidents, with a total exposed dollar loss of more than $43.3 billion.

BEC scammers use many tactics—including phishing, social engineering, and hacking—to redirect targets' bank transfers to bank accounts under their control.

While such crooks commonly target businesses, they also attack individuals if they consider the payout worth it. 

Unfortunately, as the FBI revealed, their success rate is also very high because they generally impersonate someone the target trusts, like business partners or company executives.

Related Articles:

Hackers impersonate U.S. government agencies in BEC attacks

Ransomware gang claims they stole 6TB of Change Healthcare data

UnitedHealth subsidiary Optum hack linked to BlackCat ransomware

US charges two more suspects with DraftKing account hacks

INC Ransom threatens to leak 3TB of NHS Scotland stolen data