A 64-year-old man has admitted his role in an email-based fraud scheme that relied on spoofed email addresses to con two companies out of more than $500,000.
Kenety Kim, or Myung Kim, pleaded guilty Tuesday in a Texas court to conspiracy to commit money laundering as part his role in a business email compromise scheme. Kim used email addresses that impersonated legitimate corporate accounts to intercept financial transfers, or to convince a firm to direct money into an account under Kim’s control, according to the plea deal.
As part of his agreement with U.S. prosecutors, Kim acknowledged that he has earned more than $700,000 from a web of fraud schemes, including some for which he was not charged. In one incident, he created an email account that appeared to belong to a construction company based in Pinehurst. then used that to ask another company, based in Huntsville, to send him $200,000. Kim also used the same physical address of the company he impersonated in his email, and used a counterfeit Business License Application from the State of Washington Department of Revenue to boost his credibility.
Victims included Electrolux, an appliance company, and Solid Bridge Construction, based in Huntsville.
Upon receiving the fraudulent payments Kim would direct the funds into various bank accounts. Over a span of a few days in July 2018, Kim wired roughly $100,000 into an account in South Africa.
Kim faces up to 20 years in prison when he’s scheduled to be sentenced in August.
Business email compromise scams, in which attackers pose as a corporate vendor or trusted associate, accounted for $1.7 billion in reported losses in 2019, according to annual FBI cybercrime figures. Scammers typically work as part of larger units, in which email spoofers combine their skills with money launderers and international groups with access to hacked bank accounts.
In September 2019, the U.S. Department of Justice announced it had arrested 281 people globally and seized $3.7 million as part of a four-month investigation into BEC scams. More recently, apparent fraudsters also posed as U.S. military generals, including NSA Director Paul Nakasone, as part of a separate effort.
Kim’s plea agreement is available in full below.