Anatomy of a business email scam: FBI dossier details how fraudster pocketed $500k+ by redirecting payments

Electrolux, construction biz fooled into handing over money funneled out of the US to South Africa

A fraudster has admitted he tricked two suppliers into paying him more than $500,000 by impersonating staff at a subcontractor and a retail outlet via email.

Kenenty Hwan Kim, aka Myung Kim, 64, pleaded guilty [PDF] in a Texas court this week to one count of conspiracy to commit money laundering. He confessed to overseeing two so-called business email compromise scams in which he managed to re-route payments from his victims to his own accounts. He was collared by the FBI in 2019, and the con is documented in the Feds' court filings [PDF].

In one case, we're told, Kim emailed Solid Bridge Construction, based in Huntsville in the US state, pretending to be Brett Chance, the owner of Chance Contracting, which is based in Pinehurst and has carried out work for Solid Bridge. Using an email address very similar to Chance's, Kim asked Solid Bridge to send a $210,000 check for an invoice to an address in Washington state. Solid Bridge did so, believing it was a genuine request.

Kim registered a business called Chance Contracting in Washington, and used that paperwork to amend his bank account as doing business as Chance, allowing him to deposit the check after it arrived.

Once the funds were in his account, Kim moved $190,000 of it to a second account and took out $10,000 in cash. He then tried to shift the rest of the dosh out of the country without tripping any suspicious activity alarms at the bank, by sending it in smaller transfers to Siyabonga Dlamini, a co-conspirator in South Africa, we're told. That person would then presumably wire the money back to Kim via another account or cash transfer, thus covering their tracks.

Kim, however, was only able to slip out about $100,000 of the money before the account was frozen.
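The two signals in this first case, a sender address that only resembles the one on file and a remit-to address in a different state from the vendor's, can both be checked before a payment goes out. The sketch below is an added example, not taken from the court filings or from any party named here; the vendor name, email addresses and similarity threshold are constructed for illustration.

```python
from difflib import SequenceMatcher

# Constructed vendor master file: the sender address and remit-to state on record.
VENDORS = {
    "Acme Contracting": {"email": "owner@acme-contracting.example", "state": "TX"},
}


def similarity(a: str, b: str) -> float:
    """Similarity ratio in [0, 1]; 1.0 means the two strings are identical."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def review_payment_request(vendor: str, sender: str, remit_state: str,
                           threshold: float = 0.85) -> list[str]:
    """Return the reasons to hold a payment request for call-back verification."""
    record = VENDORS.get(vendor)
    if record is None:
        return ["vendor not in master file"]
    reasons = []
    known = record["email"].lower()
    sender = sender.strip().lower()
    if sender != known:
        # A near match is the impersonation pattern: close enough to pass a glance.
        if similarity(sender, known) >= threshold:
            reasons.append("sender address is a near match for the address on file")
        else:
            reasons.append("sender address is not the address on file")
    if remit_state.strip().upper() != record["state"]:
        reasons.append("remit-to state differs from the state on file")
    return reasons


if __name__ == "__main__":
    # Constructed request: one substituted character in the domain, new remit-to state.
    for reason in review_payment_request(
            "Acme Contracting", "owner@acme-contractlng.example", "WA"):
        print("HOLD:", reason)
```

Any non-empty result means the request is verified by phone using a number already on file, not one supplied in the email.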

In a second case, Kim targeted home appliances maker Electrolux by posing as one of its retail partners. This time, Kim brought an unidentified co-conspirator in on the action to act as a money mule.

Again, Kim was able to get inside info on an outstanding transaction and, by impersonating the retailer, tricked staff at Electrolux, via email, into diverting a $333,200 payment to his co-conspirator's bank account. From there, Kim and his cohort went to the bank, and shifted $220,000 of the money to Kim's account via a cashier's check, as well as making a $30,000 cash withdrawal, of which Kim himself took a $10,000 cut.

The co-conspirator then moved $50,000 to Kim's pal in South Africa. Kim, meanwhile, covered his tracks by moving the $170,000 to an account listed under an LLC he created, before shifting it out of the country via the South African contact.

In addition to the scams, Kim was also said to have run more than three dozen credit card fraud scams in which he set up his own payment processor and, using stolen credit card numbers, racked up and pocketed more than $200,000 in phantom charges.

He was not charged for those scams, at least not in this case.

The penalty for conspiracy to commit money laundering is set at a maximum of 20 years in prison, though by taking a plea deal and cooperating with prosecutors, he will likely face significantly less time when he is sentenced in August. ®

Biting the hand that feeds IT © 1998–2022