D.A. Vance, NYPD Take Down $2.8 Million Business Email Compromise Scam, Offer Prevention Tips and Tools

May 30, 2019

Defendants Worked With Foreign Actors to Access Manhattan Real Estate Investment Company’s Corporate Email Account, Divert Funds Intended for Real Estate Deal

Manhattan District Attorney Cyrus R. Vance, Jr. and NYPD Commissioner James P. O’Neill today announced the indictment of LUCY BESWICK, 27, and ESTARLIN REYNOSO, 29, for their roles in a “Business Email Compromise Scheme” wherein the defendants’ overseas accomplices gained access to corporate email accounts to steal $2.8 million intended for a real estate transaction with a Manhattan firm, and diverted the funds to a bank account controlled by the defendants. The defendants are charged in a New York State Supreme Court indictment with Grand Larceny in the First Degree, Criminal Possession of Stolen Property in the First Degree, and Identity Theft in the First Degree.[1]  
“New Yorkers whose jobs include wiring money should pay attention to this case,” said District Attorney Vance. “Business email compromises cause billions in worldwide losses each year, but there are steps that companies large and small can take to avoid becoming a victim. We recommend verifying the authenticity of any request for funds by getting verbal confirmation from the sender, and using trusted phone numbers and code words only known to the parties involved. We’re also urging New York companies to adopt an anti-phishing tool called DMARC (Domain-based Message Authentication, Reporting and Conformance) to authenticate emails and prevent this kind of fraud. DMARC, as well as a comprehensive Cybersecurity Toolkit for Small Businesses, are available for free from the Global Cyber Alliance, a non-profit, cross-sector coalition I co-founded with the City of London Police. We urge New York companies to remain vigilant, and to report any possible intrusions or thefts to our Cybercrime and Identity Theft Bureau at 212 335-9600.”
“Today’s indictment showcases the effectiveness of cross-agency law enforcement collaboration, and our shared commitment to protecting people from business email compromise scams,” said Commissioner O’Neill. “This work also provides meaningful measures for companies of all sizes to safeguard themselves against future crimes. I thank our partners in the Manhattan District Attorney’s office, and our FBI partners at the NYPD/FBI Joint Cybercrime Taskforce, for working together to successfully move this investigation forward.”
According to court documents and statements made on the record in court, in June 2018, foreign actors fraudulently gained access to a Manhattan real estate investment company’s corporate email account, allowing them to monitor potential investment deals. Shortly before the completion of a $2.8 million deal, the foreign actors emailed the investment company fraudulent wire instructions purporting to come from the intended recipient of the $2.8 million payment. Accordingly, instead of sending funds to the correct recipient, the investment company inadvertently wired $2.8 million to REYNOSO RISING, a TD Bank business account controlled by REYNOSO.
REYNOSO initiated wire transfers from REYNOSO RISING to three different accounts in China before the investment company detected the fraud and reported the theft. After reporting the fraud, the victim was able to recover a large portion of the stolen funds.
The joint investigation revealed that BESWICK, working with overseas accomplices, directed REYNOSO to open the REYNOSO RISING bank account, and several other accounts at various banks, in order to receive these wire transfers and move the funds overseas. BESWICK provided REYNOSO with step-by-step instructions in WhatsApp messages, including how to open a business account, what to say to tellers, and where to wire the stolen funds. Messages between BESWICK and REYNOSO included up-to-the-minute developments of activity in the REYNOSO RISING account, as well as forged invoices for the wire transfers that purported to account for the purchase of various goods. BESWICK’s WhatsApp messages with overseas accomplices detailed their business arrangement, stating that she would earn 8% of every successful wire transaction, to be withdrawn in cash. These messages also indicated that BESWICK directed several other individuals to engage in similar conduct throughout the tristate area.

Recent Trial Conviction for Similar Scheme
On May 23, 2019, CHARLES GORMAN was convicted at trial of Grand Larceny in the Second Degree, Criminal Possession of Stolen Property in the Second Degree, and Scheme to Defraud in the First Degree for stealing $350,000 through a similar business email compromise scheme. As proven at trial, two individuals seeking to purchase a commercial warehouse in Red Hook each put $350,000 in escrow with the seller’s attorney, pending the final purchase of the property. The deal fell through, and the victims requested that each of the $350,000 deposits be returned to their respective bank accounts via wire transfer. Email accounts belonging to the parties in the transaction were breached, and intruders used domains similar to those belonging to the buyers to impersonate them over email, and make fraudulent requests that the two $350,000 deposits be wired to accounts held by the intruders’ accomplices. One of the $350,000 wire transfers was redirected to GORMAN’s Wells Fargo account, and within 48 hours, GORMAN withdrew more than $66,000 in cash. The D.A.’s ensuing investigation revealed that GORMAN was recruited by unidentified individuals in Nigeria via Facebook, who provided GORMAN with instructions to transfer funds around the U.S. and overseas. GORMAN is expected to be sentenced on June 12, 2019.

Preventing Business Email Compromises
According to the Internet Crime Complaint Center (IC3), between October 2013 and May 2018, business email compromises (“BECs”) resulted in more than $12 billion in worldwide losses, including nearly $3 billion in the United States. BECs typically target businesses that engage in wire transfers, such as real estate firms, law firms, or architects, or individuals who are making large purchases, such as residential real estate.
While these schemes take many forms – including compromised accounts, spoofed domains, display-name deception, and computer intrusion – scammers typically try to induce victims to send a wire transfer to bank accounts they control. Fraudulently transferred funds are often first sent to domestic “mule” accounts in the United States before being wired abroad, in order to disguise the illegitimacy of the request. Scammers typically impersonate individuals in positions of authority and stress the urgency of the task in an effort to persuade the sender. Scammers frequently request funds towards the end of the work day, or work week, to delay the discovery of the inadvertent transfer.

The Manhattan D.A.’s Cybercrime and Identity Theft Bureau offered the following tips and suggestions to guard against business email compromises:

  • Verify the authenticity of any request for funds by verbally confirming it with the sender, using known and trusted phone numbers.
  • Verify the authenticity of any request for funds by requiring the use of code words only known to the parties involved.
  • Check the email address sending the request to verify that it is recognized.
  • Adopt the use of DMARC (Domain-based Message Authentication, Reporting and Conformance) to authenticate emails, prevent fraud, reduce cyber risks, and protect your brand. Global Cyber Alliance, a non-profit, cross-sector coalition co-founded by D.A. Vance, provides the tool for free at dmarc.globalcyberalliance.org. Global Cyber Alliance also offers a Cybersecurity Toolkit for Small Businesses which provides free, comprehensive tools to protect against phishing, malware, ransomware, and other cyber threats.
  • If a wire transfer is sent to an unintended recipient, contact both the sending and recipient financial institutions as quickly as possible to stop and/or recall the transfer. Contact the Manhattan D.A.’s Cybercrime and Identity Theft Bureau at 212 335-9600.

Assistant D.A. James Vinocur is handling the prosecution of BESWICK and REYNOSO, and Assistant D.A. Jessica Peck handled the prosecution of GORMAN. Both were supervised by Assistant D.A. Elizabeth Roper, Chief of the Cybercrime and Identity Theft Bureau, and Executive Assistant D.A. Michael Sachs, Chief of the Investigation Division. Analyst Catherine Wigdor assisted with the investigation.
District Attorney Vance thanked Detective Mark Rubins of the NYPD/FBI Joint Cybercrime Taskforce for his assistance with the investigation.

Defendant Information:
LUCY BESWICK, D.O.B. 12/8/1991
Paterson, NJ

  • Grand Larceny in the First Degree, a class B felony, one count
  • Criminal Possession of Stolen Property in the First Degree, a class B felony, one count
  • Identity Theft in the First Degree, a class D felony, one count


Paterson, NJ

  • Grand Larceny in the First Degree, a class B felony, one count
  • Criminal Possession of Stolen Property in the First Degree, a class B felony, one count
  • Identity Theft in the First Degree, a class D felony, one count

[1] The charges contained in the indictment are merely allegations, and the defendants are presumed innocent unless and until proven guilty. All factual recitations are derived from documents filed in court and statements made on the record in court.