A Texas resident has finally paid the price for a heady mix of malicious mail antics. A combination of business email compromise (BEC) scams and romance fakeouts bagged them $2.2 million across roughly 6 years.

This is quite a divergent portfolio of scamming activity. You may typically assume BEC scammers, for example, stick to that as it’s their area of expertise. Did you want the fake romance department? Sorry, they’re back down the hall.

If nothing else, this case is instructive in that people running these schemes happily mix-and-match. Shall we take a look?

Business email compromise 101

Business email compromise is a simple yet potentially devastating attack aimed at organisations the world over. These begin with a phish from a stolen or spoofed company mail address. If the address belongs to someone in finance or a CFO, so much the better. The aim of the game is convincing someone to wire funds overseas. If the company has no mechanisms in place to deal with such a threat, there’s a good chance the money is gone forever.

Romance scams 101

These have been around pretty much forever. You know the score: Fake military generals promising a new life overseas, catphishing, random emails out of the blue from people who only need the cost of the airfare to fall into your arms, and so on.

Something this has in common with BEC scams is the ridiculous amount of money to be made from it. Both of these scam areas are wildly profitable for people who know what they’re doing.

So now you can perhaps see why this particular individual was so invested in dabbling in not one, but two scam tactics. With that short explanation out of the way, let’s get back to the story at hand.

What happened in Texas?

Roughly seven years of imprisonment and an order to pay $865,210.78 back to victims, that’s what.

You know how we’re always warning people about the risk to fraud victims from money laundering? That’s where an innocent party is tricked into moving money from / to accounts, without realising the money has been stolen. The innocent party, otherwise known as a money mule, is left holding the legal responsibility as the perpetrators pull strings from behind the scenes. Prison time often beckons.

Here, we have someone caught by those same rules while actively getting up to no good. According to the a release, the perpetrator pleaded guilty to one count of conspiracy to commit money laundering.

Using a “fraudulent foreign passport” to open a number of bank accounts in different areas, they used them to:

…receive, launder and distribute wire transfers to coconspirators illegally receiving proceeds of BEC and romance schemes.  For his efforts, Onoimoimilin collected between 10% and 15% of more than $420,000 in fraudulently obtained funds.

New crimes, old laws

It’s frequently tricky to charge people with bad computer related activities, despite there being quite a lot of laws to cover them. Money laundering though, that’s a relatively straightforward one and legal folks understand it perfectly. If they can prove you’ve been ushering money in and out of your account in ways you shouldn’t be, rest assured a whole lot of trouble is heading your way.

Mileage may vary for how satisfying it is for victims to see this person put in prison. There’s almost certainly folks who won’t be getting their money back. Considering we’re talking about life savings and wage packets, there won’t be a happy ending for everyone. Whether we’re talking BEC or romance scams, we need to do our part to ensure we give scammers as few opportunities to strike as possible.