The U.S. Department of Justice (DoJ) has sentenced a 31-year-old to 10 years in prison for laundering more than $4.5 million through business email compromise (BEC) schemes and romance scams.
Malachi Mullings, 31, of Sandy Springs, Georgia pleaded guilty to the money laundering offenses in January 2023.
According to court documents, Mullings is said to have opened 20 bank accounts in the name of a non-existent company named The Mullings Group LLC., which served as a conduit to launder the fraudulent proceeds from at least 2019 to July 2021.
The scheme netted millions of dollars via BEC attacks targeting a healthcare benefit program, private companies, and other entities, as well as romance fraud schemes targeting the elderly.
A BEC scam is a form of targeted cyber attack in which financially motivated bad actors trick unsuspecting executives and employees into sending money or sensitive data to accounts under their control using various social engineering ploys.
Such attacks seek to defraud companies by often leveraging compromised accounts to send phishing emails to vendors, urging them to make a wire transfer or change banking details for future payments.
“Together with his co-conspirators, Mullings engaged in financial transactions designed to conceal the fraud proceeds and used some of the proceeds to purchase luxury items, such as expensive cars and jewelry,” the DoJ said. This included a Ferrari that was purchased after obtaining $260,000 from a romance scam.
The development comes as a Russian citizen has been indicted in the U.S. for his role as an access broker, breaking into corporate networks and offering that initial access for sale to other actors on cybercrime forums between February 2019 and May 2024.
Evgeniy Doroshenko (aka Eugene Doroshenko, FlankerWWH, and Flanker), 31, of Astrkhan, Russia, has been charged with one count of wire fraud and one count of fraud and related activity in connection with computers. Doroshenko remains at large.
The two charges carry a maximum punishment of 25 years in prison and a fine of $250,000 each, or twice the gross amount of gain or loss resulting from the offense, whichever is greatest.
“Cybercrime forums, like the one used by Doroshenko to sell access to victim computer networks, are online forums where cybercriminals promote and facilitate a wide variety of criminal activities including, among other activities, computer hacking and trafficking in stolen data,” the DoJ said.