What financial cybercrime looks like

By Keith F. Houston
Assistant District Attorney in Harris County

Regardless of your jurisdiction’s size, someone who lives in your county has likely been affected or victimized by a financial cybercrime. These offenses can range from using a victim’s eBay account to purchase a nonexistent item; theft or misuse of identity; infecting computers with ransomware; romance or catfishing scams; or the redirection of funds from legitimate business transactions, real estate closings, and payments from government contracts. There are many more in Chapter 33 of the Penal Code that are not included in this article for space reasons.[1] My cases of financial cybercrime typically involve people, companies, governments, and organizations from all parts of Texas and the world. In fact, many of my complainants are citizens of cities of less than 50,000 residents and from small businesses or organizations with fewer than 50 employees. These crimes are rising and can happen to anyone in Texas. My goal in this article is to increase the awareness and prosecution of these crimes.

A tangled and twisted web

The following story is based on actual cases in which money laundering[2] was the primary charge.

            Lamar was a Houston engineering student on the honor roll. He came from a wealthy family in West Africa. Lamar’s parents had him on a budget, and he wanted more money. One day a man named Blake approached Lamar at a gas station. Lamar recognized Blake from local clubs that cater to African immigrants. Blake told Lamar he needed someone to move money for his business—he could not open a bank account himself because of his immigration status. Blake and Lamar made a deal that Lamar would keep 10 percent of the money sent to the account and withdraw the rest in cash for Blake.

            Blake drove Lamar to the Harris County Clerk’s Office and gave him $100. Blake told him to go inside and file a DBA (which is an assumed name that means “doing business as”) for “Libby Enterprises.” Blake let Lamar keep the change as his first payment from their new joint business venture.

            Hundreds of miles away, Archie was a widower in his late 60s living in the coastal Carolinas. Archie met a woman he knew as Libby on a dating website. Libby was good-looking but not out of Archie’s league. She emailed or messaged him regularly, and Archie quickly fell in love with her. They communicated daily for three months (though they never met in person) before Libby told Archie she wanted to move in with him and take care of him. She asked for $20,000 to move to his place, and he eventually agreed to give her the money. Libby gave Archie a business bank account number owned by Lamar (DBA Libby Enterprises), and Archie sent the money.

            Lamar received the funds and immediately transferred $2,000 (his 10-percent cut) to a savings account. Blake had Lamar wire $9,900 to a bank account in China and withdraw $8,100 in cash for Blake. Blake drove Lamar to two different bank branches, waiting in the car both times, to watch Lamar complete the transactions. Over the next eight weeks, Lamar’s account received over $150,000 from seven different victims. All of these victims were romance-scammed by someone named Libby. One victim filed a complaint with her bank, and Lamar’s account was closed for fraud. Before the account was closed, though, Lamar had sent an additional seven wires of $9,900 ($69,300 in total), to different Chinese bank accounts. He also withdrew $63,000 for Blake in amounts of less than $10,000 each time and kept about $17,000 for himself. (The Bank Secrecy Act requires a bank to obtain identification for any transactions of $10,000 or more, so criminals will typically stay beneath this limit.) Lamar spent most of his money at clubs, hookah shops, restaurants, and Uber. The account had less than $500 in it when the bank finally closed it. 

Layers of crime

This scheme shows the three typical layers of financial cybercrime. There is a hacker, typically outside the United States, who finds a victim and takes advantage of him. In this case, an unknown hacker used the persona of Libby. The hacker will usually be scamming several people at the same time using similar methods on each victim. When the hacker starts asking for money, she will hire a recruiter, in this case, Blake. The recruiter may be found using family or friends, or he may be recruited from a scammer chat room on Reddit or Facebook. The recruiter will then hire a “money mule” or mules (Lamar here) to open accounts to receive funds. The United States Computer Emergency Readiness Team defines money mules as people used to transport and launder stolen money.[3] Funds are typically withdrawn in a way to avoid bank reporting limits as mentioned above.[4] Most mules will obtain a DBA or assumed name to open a business checking account so that large money transfers are less suspicious. It is rare for a money mule to be the actual hacker. While it is possible for one person to assume all roles, most hackers in these cases live outside of U.S. jurisdiction. A hacker can mask his identity and let others take the risk while still reaping a large part of the proceeds. This setup is seen primarily in crimes involving business email compromise, real estate sales, government contracts, and the like.

            In the above case, the victim who contacted her bank also filed a report with IC3.gov, the FBI’s Internet Crime Complaint website. It is extremely important that these crimes be reported to IC3.gov because the FBI will add the information to a database. The FBI or an agency with access to the database can discover a person involved in multiple reports and open an investigation. At least 10 percent of the defendants I’ve prosecuted were discovered this way or went from a single case to an aggregate because of a victim’s report. The U.S. Postal Inspectors obtained and reviewed bank records before bringing Lamar in for questioning. Lamar admitted that he should’ve known it was a scam because of the amount of funds going to his account from different sources. Lamar implicated Blake, but the Inspector discovered that Blake was using a fake name. Lamar was arrested and indicted for third-degree money laundering. I became aware of this crime when the postal inspectors approached me about charges. About half of the charges I have filed were because of tips from IC3.gov. These reports continue to increase, but reports directly to law enforcement are increasing at a faster pace. In the past, many complainants would report to IC3 after being told by local authorities that the crime was civil or a federal issue. Most law enforcement agencies today will begin an investigation and then ask for assistance if needed. Cooperation among agencies has allowed for recent progress in the prosecution of these crimes.

            A few months later, Lamar’s attorney approached me and gave me several pictures of Blake, which were screenshots Lamar took on social media; Lamar wanted to work out a deal. For immigration reasons, he did not want to plead to money laundering because it is a crime of moral turpitude. Because of his cooperation with the investigation, I offered to refile the charge as Engaging in the Business of Money Transmission without a License.[5] A person commits this offense if he receives compensation for the receipt of money or monetary value by any means in exchange for a promise to make the money or monetary value available at a later time or different location. This is a third-degree felony as well[6] but is not listed as a crime of moral turpitude.[7] In essence, Lamar acted as Blake’s banker without having the proper license. Lamar pled guilty to that offense and paid his portion of the restitution prior to the plea. The complainants received just under $17,000 from Lamar but had combined losses of over $150,000. In most cases no restitution is available.

            One additional note about Lamar’s case. Of the eight victims, only five were cooperative. Two others wanted to “move on,” while the remaining victim was hostile and clearly in denial. Archie, though, was very cooperative. He admitted that this was not the first time he had fallen victim to a scam. In fact, he estimated he had lost over $200,000 to these swindles over the previous three years! Archie subsequently agreed to let his daughter take over his finances so he doesn’t fall for the scam again.

            This is not the end, but just the beginning of the story.

Another related scam

About the time Lamar’s case was filed, Dayna was opening bank accounts for her boyfriend, Ken. Dayna was a single mom who met Ken at a club that catered to African immigrants. Ken had Dayna obtain a DBA and open a business bank account. Almost every day, Dayna would go to Western Union and pick up amounts ranging from $100 to $2,800 for the DBA. She always told the clerk it was for eBay sales, which is what Ken told her to say. We later learned that she was collecting money for various Craigslist and eBay scams. Once a week, she would send a wire to a bank account in China and give the rest of the money to Ken. Every few weeks Ken would change the China bank account. Dayna was in love with Ken and received only small sums directly from him; plus, Ken paid for her to live in a luxury apartment. He regularly supplied her with food and alcohol and paid for her child’s pre-school.

            One day, Dayna told Ken she wanted to earn more money. Ken had her set up three additional DBAs with corresponding business bank accounts. Over the next month, one of the accounts received just under $100,000 in funds from 14 different sources. All 14 victims believed they were pre-paying for a vacation and getting a great deal. For the new accounts, Ken had Dayna send half of the funds to China, withdraw 40 percent for him, and keep 10 percent for herself. A month later, Ken told Dayna to be prepared to transfer money to four different bank accounts he provided.

            The next day Dayna opened the bank app on her phone and saw the account had a new wire deposit for almost $600,000. She immediately called Ken, who had her go to the bank and obtain a cashier’s check for $100,000 made out to a business name Ken provided. He met her at her apartment and used her phone app to wire funds to the four new bank accounts. The next day, Dayna received a wire for $100,000 to her own account from an account she didn’t recognize. She tried to call Ken but was unable to get a hold of him. Dayna went to the bank to try and withdraw some of the funds but was told her account was temporarily frozen and she would need to wait 24 hours.

            The $600,000 deposit was from an overseas company paying another overseas company for materials. Both companies had their email systems compromised. Hackers had been watching the email exchange between the companies, then intercepted the email for payment and changed the wiring instructions. Within 24 hours, the scam was discovered and reported to IC3.gov. The Financial Fraud Kill Chain (FFKC)[8] was initiated (available only for international transactions), which resulted in freezing Dayna’s account as well as the four accounts to which she sent funds. The FFKC is a process to help recover large international wire transfers stolen from the United States and return funds to victims, though normal bank procedures are still used to attempt to recover fraudulent funds. The company was able to retrieve just over half of its loss. Dayna was detained at the bank the following day and arrested for first-degree money laundering.

            Dayna initially refused to cooperate and remained in custody for several weeks. Her attorney arranged a proffer with myself and the FBI. Dayna gave us the bank information for an account she had opened without Ken’s knowledge. It contained about $33,000 in funds she had received from the earlier schemes. She opened it because she knew Ken was “shady” and wanted to make sure she had her own money. We were able to distribute those funds to the victims via a Chapter 47 asset forfeiture.[9] When talking about Ken, Dayna mentioned the name Blake. I retrieved a photo of the Blake I knew from Lamar’s case, and Dayna confirmed that Ken and Blake were the same person. At this point, I emailed the photo of Ken/Blake to the defense attorneys on similar cases. One attorney for a woman named Anise responded that she also knew Ken/Blake.

Yet another scam

Anise’s case was unusual for several reasons. Anise was a business professional in her early senior years. She had lost her husband at the age of 50 and had not remarried. She was arrested after law enforcement traced the proceeds of 30-plus fraudulent transactions through accounts she controlled. The transactions totaled almost $1 million in fraud. Anise’s attorney had been asking to let her plead open to the court because I had offered only prison time. We agreed to a proffer, but I made no guarantees. Anise disclosed information regarding 15 other transactions totaling $500,000. All the accounts had been closed for fraud, but one had been frozen and contained almost $150,000. With Anise’s assistance and our own subpoena power, we determined exactly which victims the seized funds belonged to. A Chapter 47 restitution was done to distribute the funds from the frozen account to three victims. None of them were made whole, but one small business owner told me we had saved his business from probable bankruptcy. 

            Anise started as a victim of these scams. A couple years after her husband died, she got on a senior dating site just to look around. She met Bob, an athletic architect who traveled the world for business. Bob was a widower, and Anise quickly fell in love. Bob and Anise always had issues when trying to meet in person. After a few months, Bob contacted her from Dubai and said he needed $25,000 to pay local authorities to get his supplies out of customs. She thought about it for a while, then sent the funds. A week later, he paid her back and sent flowers. They continued to talk for about a month before Bob contacted her saying he had an opportunity for her. One of his investors had backed out at the last minute from a deal that they needed to close within four days. The other three investors had each put in a million dollars, but she could take over the other investor’s part for just $700,000. Anise had no mortgage and outright owned a couple rental properties, and all the properties were in her name. (Her information was publicly available from the assessor’s office, which is likely how Bob knew she had access to so much money.) She used those properties to obtain a $700,000 loan and sent the money to Bob. That was the last she heard from him. Anise eventually had to sell her rental properties to pay back the loan.

            For the next month, Anise frantically sent messages to every number and email she had for Bob. About a month later, someone responded and told her they would help her get her money back. She just needed to open some bank accounts and move money. That is when Anise went from victim to money mule. She worked as a mule for a year before meeting Blake/Ken. She knew him as Ben. Ben took Anise to London where she met a person introduced as “Mr. E.” Mister E and Ben explained that she would now be receiving money from mules and forwarding the money to overseas bank accounts. Six months later she was arrested. Two months after Anise’s arrest, Dayna was arrested, and the person known as Ben/Ken/Blake left the United States using Ben’s fake United Kingdom passport.

            The vast majority of these events occurred in 2016 and 2017 and are connected to other investigations, including some current ones. Investigating and prosecuting these crimes usually leads to other people who have committed similar crimes. I have been pursuing primarily the money mules at the bottom of the scheme. With the information our office has obtained from money mules, state, federal, and foreign agencies have pursued the recruiters and hackers. I intentionally left details of this story hanging to avoid interference. 

            This whole story likely would not have been discovered but for the one victim who filed a report with IC3.gov. The other two who made reports in Lamar’s case made them to local authorities outside of Texas. One agency told the victim it was a civil matter, while the other investigated the crime but declined to prosecute because they did not want to extradite Lamar. Many of these crimes are interconnected because of the global nature of cybercrime. Cooperation and sharing information is the key to combatting these crimes. You may think this story is unique, but I have several other cases in which similar connections have been found.  

The sad numbers

In 2019, the FBI’s IC3 reported 467,361 cybercrime complaints in the United States with a total loss of $3.5 billion. About $1.4 billion of that loss was from victims 50 or older. Criminals are increasingly turning to cybercrime because there is little physical risk. A criminal can search for victims from anywhere at any time, and small efforts reap big rewards.

            The key for investigating and prosecuting cybercrime is cooperation. In 2018, our office participated in Operation Wire Wire, which resulted in 74 arrests worldwide, 42 of those in the United States and 11 of which were charged in Harris County. In 2019, we participated in Operation Re Wire, which netted 281 arrests worldwide, 74 in the U.S., and 19 in the Houston area (17 charged in Harris County). Since 2018 we have participated in over 250 investigations and filed about 200 charges in Harris County. These charges have involved people of all ages from all over the world including individuals, companies, and organizations from large and small jurisdictions in Texas. Because most of my charges involve aggregate amounts, the total loss is usually over $300,000. In some cases it is over $10,000,000. Many of the complainants became victims because they were lonely and sought companionship online. Because of the current pandemic and shutdown, I expect these crimes to increase even further. If you have not seen them yet, you will. Even if you don’t plan to prosecute yourself, please make sure the information is reported to IC3.gov so it can be added to the database. In these cases, one report can make a huge difference. We can make a difference.

            If you need any assistance, I’m available at [email protected]

Endnotes

[1]  Financial cybercrimes in Chapter 33 of the Texas Penal Code include: 1) §33.02, Breach of Computer Security, 2) §33.022, Electronic Access Interference, 3) §33.023, Electronic Data Tampering, and 4) §33.024, Unlawful Decryption.

[2]  Tex. Penal Code §34.02. Elements for money laundering include:
                  1) knowingly;
                  2) [choose one or more conjunctively] (a) acquire and maintain an interest, (b) conceal, (c) possess, (d) transport, (e) receive, and/or (f) offer to receive;
                  3) [amount] (a) at least $2,000 and less than $30,000, (b) at least $30,000 and less than $150,000, (c) at least $100,000 and less than $300,000, or (d) at least $300,000;
                  4) [choose one] (a) constituted or (b) the defendant believed to constitute
                  5) The proceeds of criminal activity namely _________.

Note: For an aggregate charge, we must also show that the crime was “pursuant to a single scheme and continuing course of conduct.” And when investigating or prosecuting money laundering, it is helpful to remember this from Tex. Penal Code §34.02 (a-1):  “Knowledge of the specific nature of the criminal activity giving rise to the proceeds is not required to establish a culpable mental state under this section

[3]  Detailed description of money mules available at https://www.fbi.gov/news/stories/fbi-joins-international-campaign-to-stop-money-mules-121718 and https://www.us-cert.gov/sites/default/files/publications/ money_mules.pdf.

[4]  Information on the Bank Secrecy Act available at https://www.occ.treas.gov/topics/supervision-and-examination/bsa/index-bsa.html.

[5]  Tex. Finance Code §151.302.

[6]  Tex. Finance Code §151.708.

[7]  “Crime involves moral turpitude if ‘the act denounced offends the generally accepted moral code of mankind.’ It involves ‘baseness, vileness, depravity in the private and social duties which man owes to his fellow man or to society in general.’” Matter of Humphreys, 880 SW2d 402, 408 (Citing In re Hallinan, 272 P.2d 768; In re Shorter, 570 A.2d 760, and In re McBride, 602 A.2d 626 (D.C.1992). Some examples of these crimes can be seen in Texas Rule of Evidence 609. For examples related to immigration, see Immigration and Nationality Act §212(a)(2)(A)(i)(I).

[8]  More information about the financial fraud kill chain is available at https://www.alta.org/news/news.cfm?20190131-Hit-by-Wire-Transfer-Fraud-Use-the-Kill-Chain-Process.

[9]  Tex. Code Crim. Proc. Chapter 47 (Disposition of Stolen Property).