Moe Abourched and Katerina Abourched are suspected of carrying out a fraudulent scheme in which they tricked a school district in Michigan (USA) into transferring a large amount of money to the bank account of their California nail salon.
According to the police, the district and taxpayers have become victims of an online fraud called BEC-attack (business email compromise). During the fraudulent operation, $2.8 million was stolen. Banks were able to withdraw about half of this amount after the fraud was uncovered. The couple deny any wrongdoing.
According to court documents, an unknown hacker hacked into the email account of one of the school district’s human resources department employees and, through emails, persuaded a colleague from the finance department to change the bank account to which medical insurance payments were sent. The emails were brief and polite.
The police traced the transfer of money to the bank account of the salon belonging to the Aburshed family. After the theft was discovered, Mo Aburshed contacted the police and said that a European woman named Dora tricked him into accepting funds and transferring them to other accounts. As a secret service agent told the AFP news agency, Aburshed’s claims are false, and he used a similar ploy after the BEC attack on a warehouse company in Florida.
“My clients have become unwitting victims of this scheme,” said Kevin Gres, Abushedov’s lawyer.
BEC scammers use various methods to hack legitimate corporate email accounts and trick employees into sending electronic payments or making purchases. Targeted phishing emails are a common type of attack, but experts say that scammers quickly learned to plausibly impersonate company executives and influence subordinates.
For many years, both BEC fraud and ransomware attacks have been viewed primarily as a law enforcement problem. This is still true for BEC attacks, but ransomware is now a key national security concern after a series of devastating attacks on critical infrastructure.