A BEC scammer has pleaded guilty to his part in an operation in which he and co-conspirators tricked two US universities into sending over $872,000 to their accounts.
In July 2918, the University of California San Diego (UCSD) was sent an email spoofed to come from a Dell account demanding the institution redirect its payments to the firm to a new bank account in Minnesota.
The bank account belonged to Amil Hassan Raage, who pleaded guilty to fraudulently receiving nearly $750,000 in 28 payments from the university, From August 8 to September 12 2018.
Raage apparently withdrew the money each time it was wired and transferred it to another account.
His unnamed co-conspirators played a major part in the operation, by creating the spoofed Dell email account from a base in Kenya.
They went through the same modus operandi to defraud a second US university, this time based in Pennsylvania.
According to the Department of Justice (DoJ), the group again used the fake Dell email to trick university officials into wiring funds to a different account.
In total, it sent six payments of over $123,000.
After the Wells Fargo bank in Minnesota froze Raage’s account, he fled the country in September to Kenya, only to be tracked down by local law enforcers working with the FBI’s legal attache in the African country.
He was finally arrested in May 2019 and extradited a couple of weeks after.
“Modern criminals like Raage have ditched the ski mask and getaway vehicle and opted for a computer as their weapon of choice. As this defendant has learned, we are matching wits with new-age thieves and successfully tracking them down and putting an end to their high-tech deception,” said US attorney Robert Brewer.
BEC attacks cost businesses nearly $1.3bn last year, nearly half of the total cybercrime losses recorded by the FBI.