A 31-year-old man from Sandy Springs, Georgia has been sentenced to 10 years in prison for laundering over $4.5 million through business email compromise (BEC) scams and romance fraud schemes targeting the elderly. Malachi Mullings pleaded guilty to the money laundering offenses in January 2023.
Shell Company Used as Conduit for Illicit Funds
According to court documents, Mullings opened 20 bank accounts under a sham company, The Mullings Group LLC, to serve as a conduit for laundering the fraudulent proceeds from at least 2019 to July 2021. The scheme netted millions of dollars through:
- BEC attacks targeting a healthcare benefit program, private companies, and other entities
- Romance fraud schemes defrauding elderly individuals
Tactics of BEC Scams and Romance Fraud
A BEC scam is a form of targeted cybercrime where bad actors trick executives and employees into sending money or sensitive data to accounts under their control through social engineering tactics. These attacks often involve compromised accounts used to send phishing emails urging vendors to make wire transfers or change banking details.
On the other hand, romance scams typically involve deceiving elderly individuals into sending money under the pretense of a romantic relationship.
Lavish Spending and Ongoing Cybercrime
The Department of Justice (DoJ) stated that “together with his co-conspirators, Mullings engaged in financial transactions designed to conceal the fraud proceeds and used some of the proceeds to purchase luxury items, such as expensive cars and jewelry.” This included a Ferrari purchased with $260,000 from a romance scam.
In a related development, a Russian national named Evgeniy Doroshenko has been indicted for his role as an access broker, breaking into corporate networks and selling that initial access to other actors on cybercrime forums between February 2019 and May 2024.
The DoJ emphasized that “cybercrime forums, like the one used by Doroshenko to sell access to victim computer networks, are online forums where cybercriminals promote and facilitate a wide variety of criminal activities including, among other activities, computer hacking and trafficking in stolen data.”