Dorchester union loses $6.4 million in e-mail spoofing scheme; feds hope to recover about $5.3 million of that

The U.S. Attorney's office yesterday moved to confiscate some $5.3 million it says was stolen from a Dorchester-based union through a scheme in which scammers used forged e-mail addresses to convince the union to transfer money from its account to a scammer account that was then used to funnel the money to banks across the US, China, Hong Kong, Singapore and Nigeria.

According to the US Attorney's office, the scammers forged mail from an investment manager with whom the union worked, well enough to convince union officials to transfer a total of $6.4 million from the union account to another account. Neither the union nor the investment manager snagged by the "business email compromise" were identified in court filings.

In a statement, the US Attorney's office says:

The fraudulently-obtained funds were then allegedly transferred through a series of intermediary bank accounts – with some funds sent, or attempted to be sent, to a cryptocurrency exchange and various bank accounts located in Hong Kong, China, Singapore and Nigeria. Investigators were able to trace proceeds of the scheme to seven domestically held bank accounts, the contents of which were subsequently seized by U.S. authorities.

In the formal request to seize the money, filed in US District Court in Boston, the US Attorney's office detailed that the money it was seeking to seize currently sits in accounts at JP Morgan Chase and at a bank in Texas. The remainder of the union's money, not subject to federal forfeiture, was last traced to the overseas accounts listed in the scheme.

In their formal forfeiture request, prosecutors further detailed the scheme, saying that in addition to the scammers, also not identified, this scheme involved unwitting "mules," who were also scammed to provide a place to stash the stolen money until directed to send it to accounts directly controlled by the e-criminals, providing these duped intermediaries "with a dubious explanation for the source of the funds, such as - an inheritance, a foreign lottery, a gift, funding for a business project, and others."

In the union's case, several mules were involved, in particular, the unwitting dupe into whose account the money was first transferred:

According to "Signatory DA-1&2," in or around September 2022, "Signatory DA-1&2" began receiving messages via Google Chat and WhatsApp with instructions from an unknown perpetrator. These messages told "Signatory DA-1&2" that a European bank was holding a "gift" of over $17 million for "Signatory DA-1&2."

Between September 2022, and January 2023, "Signatory DA-1&2" received numerous messages from the unknown perpetrator discussing the "gift" that could be transferred to his account. "Signatory DA-1&2" became a "mule" in the fraud and money laundering scheme when funds were later deposited in his account.

Once the money was transferred, the scammers then instructed "Signatory DA-1&2" to transfer the bulk of the money to accounts more directly controlled by the scammers.

The complaint continues that on Jan. 27, 2023:

Victim-1's [the union's] employees received an email that appeared to be from Witness-1 [the investment manager], but was in fact a spoofed email, different from Witness-1's email address by one letter. The initial email correspondence between Victim-1 and Witness-1 concerned previously arranged payments. The email from the spoofed email address changed the beneficiary bank account of a $6,400,000 payment to DA-1. The spoofed email falsely and fraudulently created the impression that the message was legitimate and had been sent from Witness-1's account.

At the time, Victim-1's employees were unaware that the spoofed email came from someone who was not Witness-1. On or about January 30, 2023, in reliance on the spoofed and fraudulent email, Victim-1 sent a wire in the amount of $6,400,000 from a bank account in its name to DA-1, as instructed by the spoofed email.

The complaint does not specify how the scammers first came to realize that the specific investment manager was working with the specific union.