Two Georgia Residents Charged With Targeting Individuals In Business Email Compromise Schemes

SALT LAKE CITY – Trial dates have been scheduled in U.S. District Court in Salt Lake City for two individuals charged in a five-count indictment in connection with an alleged Business Email Compromise (BEC) scheme. Charges include conspiracy to commit bank fraud by opening bank accounts under false identities in order to receive criminal proceeds generated by impersonating the officers of businesses and directing employees to wire money into the fraudulently opened accounts.

Saheed Yusuf, age 32, of Atlanta, and a co-defendant, Vanisha Wright Matthis, age 46, also of Atlanta, were charged in June by federal prosecutors in Utah as a part of a coordinated national enforcement operation targeting thousands of individuals now facing federal charges for alleged BEC schemes. 

U.S. Attorney for Utah John W. Huber, FBI Special Agent in Charge of the FBI Salt Lake Field Office Eric Barnhart, and Utah Department of Public Safety Commission Keith Squires announced the Utah indictment, which was unsealed Friday.

An FBI Cyber Task Force Officer from the Utah Department of Public Safety investigated the case and located the alleged defendants in the case.

U.S. Marshals returned Yusuf to Utah following his arrest in Lithonia, Georgia, on July 6, 2018.  He arrived in Utah last week.  He appeared Friday before U.S. Magistrate Judge Paul M. Warner. He entered pleas of not guilty to the charges.  A four-day jury trial was set for Oct. 16, 2018, before U.S. District Judge Robert J. Shelby.  Federal prosecutors requested Yusuf be detained pending trial and Magistrate Warner ordered him to remain in custody.

Matthis had an initial appearance on the indictment in late June and entered pleas of not guilty to the charges in the indictment.  She is not in custody. A two-week trial has been set for Sept. 14, 2018, before U.S. District Judge Robert J. Shelby.

Yusuf and Matthis are charged with conspiracy to commit bank fraud, two counts of wire fraud, aggravated identity theft and money laundering.

“These scammers target victims by convincing them to transfer money to bank accounts they control. Often the scheme is facilitated by impersonating a key employee or business partner. Employees of the business think they are responding to a request from a company leader and transfer the funds to what turns out to be a shell bank account,” Huber said. “The U.S. Attorney’s Office in Utah and our local and federal partners will continue to focus on this cyber-enabled financial fraud,” Huber said.

“Perpetrators of business email compromise schemes manipulate and exploit trusting individuals who believe they are conducting legitimate business.  The result can be devastating not only financially but emotionally.  The sophistication and evolving nature of these scams mean businesses should have increased awareness and prevention efforts in place.  If you’ve believe you’ve fallen victim to a BEC scam, contact your financial institution and local FBI immediately and file a complaint with www.ic3.gov,” Eric Barnhart, Special Agent in Charge of the FBI Salt Lake City Field Office said.

"The Department of Public Safety and its agents are committed to protecting Utah business owners and will go after cyber criminals wherever they might be," said Commissioner Squires said today. "We value the partnership we have with the FBI to work as one in this fight against cybercrime."

According to the indictment, the defendants and their co-conspirators opened at least two bank accounts under the name of a business called Allied Logistics Group Inc., using false business names to disguise their identities and make it seem like a legitimate business rather than a shell company used to commit fraud.

With the accounts established, the defendants sent dozens of emails to businesses in the United States and the United Kingdom using the names of business executives without their knowledge or authorization. The apparent purpose of these emails, the indictment alleges, was to engage with employees of these businesses and give them wire instructions to wire the company’s funds.

For example, on July 11, 2016, the defendants and their co-conspirators sent a series of email communications to a business in Utah, purporting to be a corporate officer whose initials are “B.B.” and using his name with the email address CEOEMAILSS@GMAIL.COM (link sends e-mail).  At about 9:06 a.m., the defendants sent an email using the name of the real person with the initials B.B., who was an officer of the company, with wire instructions for one of the Allied Logistics Group Inc. Bank accounts, and directed an employee of the victim business to send $58,000 from the business’s Utah account to the defendants’ account. At about 4:50 p.m. that same day, the wire of $58,000 was completed as requested by the defendants and was received by the bank account they had created for that purpose.  Later that day, the defendants started moving money out of the account through transfers and subsequent withdrawals.  After the successful completion of the fraud against the Utah business, the bank accounts created for Allied Logistics Group Inc. were closed.

Indictments are not findings of guilt.  Individuals charged in indictments are presumed innocent unless or until proven guilty in court.  The potential maximum charges for the charges in the indictment are 30 years for conspiracy to commit bank fraud; 20 years for the wire fraud and money laundering counts; and a two-year mandatory minimum for the aggravated identity theft count, which would run consecutive to any other sentence.

The national operation was funded and coordinated by the FBI.  Private sector partners, including Symantec, provided significant assistance to the FBI Salt Lake City Cyber Task Force investigating BEC cases.