A 64-year-old man has pleaded guilty in a Texan court to charges of money laundering after a series of attacks that defrauded companies out of hundreds of thousands of dollars.

Kenenty Hwan Kim (who sometimes went by the name Myung Kim) took advantage of a simple trick that has proven highly effective to fraudsters in recent years.

The method of tricking businesses into handing over large amounts of money is known as Business Email Compromise (BEC), and comes in a variety of flavours.

One type of BEC scam works as follows:

  • The scammer, posing as an established vendor, sends an e-mail to a business’s accounting department, informing them that their bank account details have changed, and that future payments should be made to the new account.
  • Often the fraudster will pretend to come from a construction company with which the targeted company already has an existing business relationship, and may be in the habit of paying large amounts of money.
  • A scammer will often spoof the genuine email address of the company they are posing as, by using a similar-looking domain.
  • When it comes to the next payment to be made, the targeted company sends it into a bank account under the control of the fraudster. Often the money might not be possible to recover once the targeted company realises its mistake.

A somewhat more sophisticated type of BEC scam sees the attacker actually hack into a business’s email accounts, read their communications and observe what projects are being worked upon, and then eventually pose as a supplier to have funds moved into a bogus account.

Kim, it seems, was not a hacker. But he felt that he had devised a well-conceived plan for stealing hundreds of thousands of dollars and then successfully laundering it, which did not (Read more...)