A former Army reservist was just sentenced to 46 months in prison and ordered to pay nearly $2 million in penalties and restitution, after pleading guilty to scamming dozens of people online, including the elderly and a veteran’s organization for Marines.
Joseph Iorhemba Asan Jr. along with his accused co-conspirator and fellow Army Reservist Charles Infeanyi Ogozy, used two primary tactics to steal money from unsuspecting victims, according to the U.S. Attorney’s Office in the Southern District of New York.
“Among the many victims of the internet scams facilitated by Joseph Asan Jr. were elderly women and men who were callously fooled into believing they were engaging online with potential romantic interests,” Manhattan U.S. Attorney Audrey Strauss said. “This former serviceman and his co-defendant even laundered money stolen from a U.S. Marine Corps veteran’s organization in one of the conspiracy’s email-spoofing schemes. Asan’s crimes have indeed led to his own reversal of his fortune, as this former defender of this country now becomes a federal prisoner.”
Romance Scams & BEC Attacks
The first type of attack was a straightforward romance scam where Asan and Ogozy would pose as a romantic interest of an elderly person and trick them into wiring him cash.
“Members of the scheme deluded unsuspecting older women and men into believing they were in a romantic relationship with a fake identity assumed by members of the scheme and used false pretenses to cause the victims to transfer money to bank accounts under the control of members of the scheme, including Asan and Ogozy,” the Justice Department statement said.
The second was a business email compromise (BEC) scam where Asan and Ogozy would would gain unauthorized access to organizations (including a Marine veteran’s organization) to impersonate employees and trick third parties into sending them money intended for the organization, the DoJ added.
Once they conned victims into wiring the cash to various accounts, they laundered the stolen cash through several fake business names like Uxbridge Capital LLC and Renegade Logistics, the DOJ said. Law enforcement traced 69 identified victims and $1.8 in stolen money to 10 businesses and accounts at eight different banks, all controlled by Asan, adding that they think there was more stolen money they couldn’t track down.
“In connection with the opening of the business bank accounts, Asan made multiple false statements to banks about the purported business of his companies, including misrepresentations that the companies were involved in shipping, real estate and public relations,” the DoJ statement said. “In addition, a significant portion of the laundered funds was deposited and withdrawn in cash that was not able to be traced by law enforcement.”
The DoJ added that in addition to the more than three-and-a-half years in prison, Asan will forfeit $184,723 and pay restitution to victims totaling $1,792,015.
BEC Attacks Escalate
Threat actors have ratcheted up their email fraud schemes of late. More than $1.8 billion was stolen through BEC attacks in 2020 alone, according to a report Cisco’s Talos Intelligence. The researchers explained that it’s an attractive scam for attackers because it generates revenue without a lot of attention from law enforcement.
But that appears to be changing.
Proofpoint outlined some of the most high-profile BEC compromises of the past couple of years, proving no industry or leader is immune from getting suckered by scammers.
Real-estate mogul and “Shark Tank” TV investor Barbara Corcoran was duped out of $400,000 in March 2020 to pay for a fake real-estate renovation, which she was later able to recoup. Japanese media conglomerate Nikkei transferred $29 million to an account in Sept. 2019 based on an email that appeared to come from an executive. Proofpoint reported that it’s unclear whether it was able to get the money back.
In addition to recognizable business brands, BEC attacks continue small, local governments including those in Ocala, Fla., which was rooked out of $740,000; and Cabarrus County, N.C. which lost $2.5 million, both to BEC attacks. Even school districts like Manor Independent outside of Austin, Texas had $2.3 million stolen in late 2019.
“As these cases show, [these] are equal-opportunity scammers,” Proofpoint researchers said. “They target organizations of every size and people at every rung of the corporate ladder.”
Perhaps added attention from law enforcement and tough sentences handed down to those convicted, like Asan, will help turn the tide against these kinds of attacks.
It’s time to evolve threat hunting into a pursuit of adversaries. JOIN Threatpost and Cybersixgill for Threat Hunting to Catch Adversaries, Not Just Stop Attacks and get a guided tour of the dark web and learn how to track threat actors before their next attack. REGISTER NOW for the LIVE discussion on Sept. 22 at 2 p.m. EST with Cybersixgill’s Sumukh Tendulkar and Edan Cohen, along with independent researcher and vCISO Chris Roberts and Threatpost host Becky Bracken.