[BreachExchange] Texas Convicts BEC Scammer

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Dec 23 16:04:53 EST 2021 

https://www.infosecurity-magazine.com/news/texas-convicts-bec-scammer/

A Texas resident has been convicted of stealing hundreds of thousands of
dollars from a school district in Idaho through a business email compromise
(BEC) scam.

Teton School District 401, which serves 1,800 students in seven schools in
Teton County, fell victim to the cybercrime three years ago.

In 2018, the district's business manager, Carl Church, unknowingly made an
electronic payment to a fraudulent bank account accessed through his
district email account.

Church transferred $784,833.71 in the belief that he was paying Headwaters
Construction Company, a general contractor based in Victor, Idaho, which
had been hired by the district to build new schools.

In January 2019, after news of the cybercrime became public, Church
resigned from his position. Speaking at the time, Teton County Deputy
Andrew Sewell emphasized that Church was not suspected of any wrongdoing.

Sewell said the BEC cyber-attack “was a believable scam that he [Church]
fell victim to.”

The incident was investigated by the Federal Bureau of Investigation. Over
half the stolen funds were eventually recovered, and the state insurance
carrier ICRMP paid the remaining balance.

Houston resident Julius Joachim Ohumole, who moved to the United States
from his native Nigeria, was charged over the cybercrime on November 8,
2019, and later taken into custody.

On December 31, 2019, the US Attorney's Office for the Southern District of
Texas announced that 37-year-old Ohumole had been charged with one count of
conspiracy, four counts of bank fraud, and two counts of aggravated
identify theft.

Teton Valley News reported Wednesday that Ohumole has now been convicted
and is due to be sentenced in February 2022.

Superintendent Monte Woolstenhulme shared news of the conviction at a
meeting of the school board on December 13. Woolstenhulme informed the
trustees that he had been notified of the conviction by the US Department
of Justice in Texas.

Each count of conspiracy and bank fraud carries a possible sentence of up
to 30 years in federal prison and a maximum fine of $1m. The aggravated
identify theft charge carries a maximum sentence of up to two years in
prison.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211223/2236e8e9/attachment.html>

More information about the BreachExchange mailing list