United States Recovers $2.4 Million Obtained In Business Email Compromise

Published By
U.S. Attorney's Office
Published Date

ORLANDO – United States Attorney Roger B. Handberg announces that the United States has civilly forfeited $2,462,000 in proceeds obtained from a wire fraud scheme that involved the takeover of a business email account. The forfeited funds are being returned to the fraud victim.

According to court documents, the victim, Company 1 (“C1”), sells comprehensive lead frame products and material solutions to the semiconductor packaging industry. In April 2022, C1 received an email requesting a change of payment information from someone it believed worked at its business partner, Company 2 (“C2”), a heavy equipment manufacturer from which C1 regularly purchases lead frame equipment. The email came from what appeared to be C2’s true email address. The email explained that C2 was unable to accept payment into its regular account due to a “fiscal year update,” and instead, asked C1 to make future payments to a different account. This email was a fraudulent communication intended to mislead C1 into unwittingly transferring funds to a criminal entity, rather than C2. As a result of the fraudulent communication, C1 wired $2,462,000 to the account identified by the fraudster.

After realizing that C2 had not sent the email requesting the change, C1 reported the fraud to its bank, which ultimately caused the $2,462,000 to be frozen. Agents from the United States Secret Service (USSS) then tracked down the sole signatory of the account that received the funds, S.T., who informed USSS agents that he has never done business with C1 or C2 and he did not believe he was the rightful owner of the funds. S.T. claimed that in approximately January 2022, he met a group of individuals at a Bitcoin conference and agreed to contract his services to the group. S.T. provided his banking information to this group in order to receive payment for the work he was going to perform. S.T. stated that he communicated with the group primarily through the WeChat messaging application, and that when he contacted them about the funds, they denied any fraud-related activity. Because C1 and its bank acted quickly, law enforcement was able to seize and forfeit the full amount transferred by C1.

United States Attorney Handberg has requested and received permission from the Department of Justice’s Money Laundering and Asset Forfeiture Section (MLARS) to remit the forfeited funds back to the victim. MLARS administers the Department’s Asset Forfeiture Program victim compensation process to ensure forfeited funds are returned to victims. U.S. Attorney Handberg noted that “civil forfeiture is an important tool frequently used by federal law enforcement to benefit victims.” In fact, in fiscal year 2023, the Middle District of Florida obtained permission to use almost $44 million in forfeited funds to compensate crime victims. Since 2000, more than $11 billion in forfeited funds has been returned to victims through federal forfeiture. In many cases like this one, criminal forfeiture is not an option because law enforcement is not able to identify the perpetrator even after the criminal proceeds are recovered. U.S. Attorney Handberg thanks MLARS for its assistance in facilitating the distribution in this matter.

“This is another example of how fraudsters are getting more sophisticated with their schemes to steal money,” Orlando Field Office Special Agent in Charge Caroline O’Brien Buster said. “With the cooperation of our partners in the business community, we were able to quickly freeze the funds and assist with returning them to the victim. The United States Secret Service will continue to investigate these and other types of financial fraud in our community and around the nation.”

Business Email Compromise (BEC) is a sophisticated fraud scheme targeting businesses that use wire transfers as a form of payment. The BEC scheme affects large global corporations, governments, and individuals, with current global daily losses estimated at approximately $8 million. Criminals compromise legitimate business email accounts through various hacking schemes, including social engineering and the use of malware. Once a business email account is compromised, a fraudulent email is sent directing the recipient of the email to unwittingly transfer funds to an illicit account. Alternatively, they create “spoofed” email domain names to trick people into thinking they know the sender. An email domain name is the part of an email address that comes after the “@” symbol. In email spoofing, one character in an email address is often changed or missing, thereby tricking the recipient. Criminals obtain and use privileged information to convince BEC email recipients that the transfer instructions are legitimate.
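The lookalike-domain pattern described above can be checked mechanically before a payment-change request is acted on. The following Python sketch is an added example, not part of the original release: it flags a sender domain that is one character away from a known partner domain, and it goes slightly beyond the "changed or missing" cases in the text by also covering an added character and two swapped adjacent characters. The domain names and headers are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed allow-list of partner domains (hypothetical names).
TRUSTED_DOMAINS = {"c2-equipment.example", "leadframe-supply.example"}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def one_edit_apart(a: str, b: str) -> bool:
    """True if a != b and one substitution, insertion, deletion, or
    adjacent-character swap turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:   # skip the common prefix
        i += 1
    if len(a) < len(b):                  # one character missing from a
        return a[i:] == b[i + 1:]
    if a[i + 1:] == b[i + 1:]:           # one character changed
        return True
    # two adjacent characters swapped
    return a[i:i + 2] == b[i:i + 2][::-1] and a[i + 2:] == b[i + 2:]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> tuple:
    """Return (verdict, matched_domain): 'trusted', 'lookalike' or 'unknown'."""
    domain = sender_domain(from_header)
    if domain in trusted:
        return ("trusted", domain)
    for known in sorted(trusted):
        if one_edit_apart(domain, known):
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers: exact match, then one changed character.
    for hdr in ('"C2 Accounts" <ar@c2-equipment.example>',
                '"C2 Accounts" <ar@c2-equipmemt.example>'):
        print(hdr, "->", classify_sender(hdr))
```

A "trusted" verdict only means the domain is spelled correctly. A message sent from a compromised legitimate account passes this check, so confirming payment changes by phone or in person remains necessary.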

To avoid becoming the victim of a BEC scheme, verify email addresses are accurate when checking mail on a cellphone or other mobile device before you open any attachments or follow any instructions and never make any payment changes without verifying with the intended recipient by phone or in person. If you think you have been a victim of a BEC scheme, 1) immediately contact your bank to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity; and 2) file a detailed complaint with the Internet Crime Complaint Center at The Internet Crime Complaint Center, is run by the FBI and serves as the country’s hub for reporting cybercrime. Visit for updated information regarding BEC trends as well as other cyber fraud schemes.

This case was investigated by the United States Secret Service. It was prosecuted by Assistant United States Attorney Jennifer M. Harrington.