Government Seeks Civil Forfeiture of Funds Stolen in Business E-Mail Fraud

Patterson Belknap Webb & Tyler LLP
Contact

On April 14, 2016, the U.S. Attorney for the Southern District of New York filed a civil forfeiture action seeking to recover nearly $100 million stolen from an unidentified U.S. company through a form of wire fraud or Automated Clearing House (“ACH”) fraud.

According to the complaint filed in Manhattan federal court, the perpetrators created a fake email address and posed as one of the victim’s legitimate vendors.  Through this email “spoof,” the victimized company transferred $98.9 million intended for the vendor into an account at Eurobank Cyprus, Ltd.  The funds were then redirected to various accounts controlled by the perpetrators throughout the world.  But officials at Eurobank Cyprus Ltd. quickly detected a problem and prevented nearly $75 million from being transferred into the perpetrators’ accounts, and most of the remaining funds have been frozen in accounts throughout the world.  The case is U.S. v. Certain Funds on Deposit in Various Accounts Detailed Herein, and All Funds Traceable Thereto, case number 1:16-cv-02800 (S.D.N.Y.).

As we previously noted, cybercrime targeting financial transactions is nothing new. But this case is a stark reminder of the increasing prevalence of business e-mail fraud and ACH fraud generally.  On April 4, 2016, the FBI issued a warning of “a dramatic rise in the business e-mail compromise scam or “B.E.C.,” a scheme that targets businesses and has resulted in massive financial losses . . . .”  The FBI noted that perpetrators of this variant of fraud will go to great lengths to spoof company or customer e-mail or use social engineering to facilitate fraudulent wire transfers to foreign accounts.

The FBI recommends that businesses take several precautions to guard against this type of wire fraud, including:

●  Exercise caution with e-mail-only wire transfer and other “urgent” financial requests

●  Verify such request with legitimate business partners verbally at an established telephone number of record

●  Be cautious of mimicked or spoofed e-mail addresses

●  Practice multi-level authentication

●  Closely monitor and frequently reconcile account balances

●  Use strong passwords and change them often

●  Restrict access to computers used for ACH transactions and limit the number of employees authorized to engage in such transactions

●  Regularly update computer networks, firewalls and anti-virus software

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Patterson Belknap Webb & Tyler LLP | Attorney Advertising

Written by:

Patterson Belknap Webb & Tyler LLP
Contact
more
less

Patterson Belknap Webb & Tyler LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide