Anatomy of a business email scam: FBI dossier details how fraudster pocketed $500k+ by redirecting payments

Electrolux, construction biz fooled into handing over money funneled out of the US to South Africa


A fraudster has admitted he tricked two suppliers into paying him more than $500,000 by impersonating staff at a subcontractor and a retail outlet via email.

Kenenty Hwan Kim, aka Myung Kim, 64, pleaded guilty [PDF] in a Texas court this week to one count of conspiracy to commit money laundering. He confessed to overseeing two so-called business email compromise scams in which he managed to re-route payments from his victims to his own accounts. He was collared by the FBI in 2019, and the con is documented in the Feds' court filings [PDF].

In one case, we're told, Kim emailed Solid Bridge Construction, based in Huntsville in the US state, pretending to be Brett Chance, the owner of Chance Contracting, which is based in Pinehurst and has carried out work for Solid Bridge. Using an email address very similar to Chance's, Kim asked Solid Bridge to send a $210,000 check for an invoice to an address in Washington state. Solid Bridge did so, believing it was a genuine request.

Kim registered a business called Chance Contracting in Washington, and used that paperwork to amend his bank account as doing business as Chance, allowing him to deposit the check after it arrived.

Once the funds were in his account, Kim moved $190,000 of it to a second account and took out $10,000 in cash. He then tried to shift the rest of the dosh out of the country without tripped any suspicious activity alarms at the bank, by sending it in smaller transfers to Siyabonga Dlamini, a co-conspirator in South Africa, we're told. That person would then presumably wire the money back to Kim via another account or cash transfer, thus covering their tracks.

Kim, however, was only able to slip out about $100,000 of the money before the account was frozen.

Sunnylvsfjorden Fjord in Norway with a cruise ship

There's Norway you're going to believe this: Government investment fund conned out of $10m in cyber-attack

READ MORE

In a second case, Kim targeted home appliances maker Electrolux by posing as one of its retail partners. This time, Kim brought an unidentified co-conspirator in on the action to act as a money mule.

Again, Kim was able to get inside info on an outstanding transaction and, by impersonating the retailer, tricked staff at Electrolux, via email, to divert a $333,200 payment to his co-conspirator's bank account. From there, Kim and his cohort went to the bank, and shifted $220,000 of the money to Kim's account via a cashier's check, as well as make a $30,000 cash withdrawal, of which Kim himself took a $10,000 cut.

The co-conspirator then moved $50,000 to Kim's pal in South Africa. Kim, meanwhile, covered his tracks by moving the $170,000 to an account listed under an LLC he created, before shifting it out of the country via the South African contact.

In addition to the scams, Kim was also said to have run more than three dozen credit card fraud scams in which he set up his own payment processor and, using stolen credit card numbers, racked up and pocketed more than $200,000 in phantom charges.

He was not charged for those scams, at least not in this case.

The penalty for conspiracy to commit money laundering is set at a maximum of 20 years in prison, though by taking a plea deal and cooperating with prosecutors, he will likely face significantly less time when he is sentenced in August. ®


Biting the hand that feeds IT © 1998–2020