The US Department of Justice has announced the arrest of four individuals for their alleged roles in a fraud scheme targeting businesses, banks, and individuals.
The four individuals, Joel Zubaid, 55, David Goran, 56, Julian Rebiga, 55, and Martin Mizrahi, 51, are charged with defrauding victims of more than $9.2 million and laundering the proceeds, an indictment unsealed last week reads.
According to the indictment, between April and June 2021, the four defendants participated in at least three fraud operations, including at least two business email compromise (BEC) schemes.
As part of these attacks, the defendants targeted employees in charge of making payments on behalf of their businesses with fraudulent email messages that asked them to make wire transfer payments to bank accounts under the attackers’ control.
Victims of the BEC schemes were tricked into sending over $5.4 million to bank accounts controlled by the scheme participants. Most of the funds were transferred to the defendants’ bank accounts.
Seeking to conceal the source of the proceeds, the defendants transferred the funds to other accounts or converted the money to cryptocurrency.
“When banks froze or sought to recover some of the fraud proceeds, the defendants made multiple attempts to retain or recover control over the funds by lying to the banks about the purpose of the transfers,” the DoJ explains.
The four are also charged with participating in a scheme to fraudulently submit over $3.8 million in charges using stolen credit card information, using point-of-sale systems associated with firms that Mizrahi and Rebiga controlled.
The defendants were charged with wire fraud, bank fraud, conspiracy to commit money laundering, money laundering, and aggravated identity theft.
Last week, the DoJ also announced charges against Oladeji Nathaniel Adelekan, 28, of Lagos, Nigeria, for participating in computer hacking, wire fraud, and money laundering activities that defrauded businesses of roughly $8 million.
Between February 2019 and April 2020, together with conspirators, Adelekan engaged in BEC fraud after compromising email accounts of corporate victims through phishing.
In April 2019, they targeted an employee at a pharmaceutical company, compromised their email account and used it to redirect email messages to an account controlled by the attackers.
Armed with information from these messages, the attackers then spoofed other email accounts at the pharmaceutical company and its supplier, directing the company to wire transfer $7.5 million to a bank in Mexico.
In January 2020, using similar tactics, the cybercriminals targeted an email account at a technology firm in Oregon and tricked the firm into making a $130,000 wire transfer to a bank account controlled by the defendant.
Adelekan is charged with conspiracy to commit wire fraud and wire fraud, conspiracy to commit unauthorized access of a computer, unauthorized access of a computer, and conspiracy to commit money laundering.
Related: Three Nigerian BEC Fraudsters Extradited From UK to US
