The email looked like her husband wrote it.
Because the scammers had been monitoring the Kennesaw company’s internal communications, it even sounded like something he would write, the way it was worded.
“Capable,” is how co-owner Luanne Whiting-Lager described the people who scammed her baby products company, Regal Lager, out of $216,000.
The FBI would later recover most of the money, but only after weeks of agony for Whiting-Lager, her family and her employees.
“We all felt taken,” she said Tuesday at the FBI’s Atlanta area office in Chamblee. “We all felt dirty, somehow.”
Todd Renner, the FBI’s special agent in charge of cybersecurity in Atlanta, said about $200,000 was recovered, but the culprits are still at large. He said the agency is still trying to locate them.
The Georgia case was part of a broader effort by the U.S. Department of Justice targeting what the agency categorizes as “business email compromise” schemes, also known as “cyber-enabled financial fraud.” The agency announced late Tuesday the arrests of 281 people internationally, with 74 in the United States and three in Georgia.
Nigerian national Emmanuel Igomu, 35, of Atlanta, was charged in the Northern District of Georgia on counts of aiding and abetting wire fraud in connection with the transmission of money from a scheme involving a $3.5 million funds transfer from an unidentified Georgia-based health care provider, the justice department said in a news release.
Cyril Ashu, 34, of Austell, and Ifeanyi Eke, 32, of Sandy Springs were charged with a count of wire fraud and another of conspiracy to commit wire fraud in connection with a $10 million Nigeria-based scheme affecting hundreds nationwide, the agency added.
“Operation reWired” was funded and coordinated by the FBI and the Justice Department’s International Organized Crime Intelligence and Operations Center. It involved a host of government agencies, including the IRS, which revealed how many people were vulnerable.
“In unraveling this complex, nationwide identity theft and tax fraud scheme, we discovered that the conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, attempting to receive more than $91 million in refunds,” Chief Don Fort of IRS Criminal Investigation, is quoted as saying in the news release. The IRS is continuing to work with international, federal and state partners to pursue all those responsible.
Renner, the FBI special agent in Atlanta, said the scope of online crimes has been growing.
In 2017, he said, there were nearly 16,000 complaints nationally and more than $675 million in losses. By 2018, the losses had nearly doubled, to more than $1.2 billion, with over 20,000 complaints.
Georgia’s losses last year exceeded $98 million. There were 446 complaints, and the FBI recovered about $60 million, he said.
No one has been arrested yet for the scam at Regal Lager in Kennesaw, which involved a shipment of high chairs. Someone who was pretending to be Whiting-Lager’s husband sent an email asking for changes to the vendor’s payment account.
The FBI later froze the account and recouped most of the money.
Regal Lager now prohibits transaction changes requested solely by email, requiring dual forms of communication, company finance director Raj Patel said. Phone calls to the bank are the ideal backup.
Frequent email password changes are required, too. Whiting-Lager said she changes hers every three weeks, using random symbols.
“I hate it,” she said.
It’s better than falling victim again, though.
The bad guys are persistent and numerous. Within six weeks, the company was scammed again, this time, in a ransomware attack, she said.
That’s when an outsider gains control of a victim’s data, threatening to destroy it or to permanently sever access to it unless a ransom is paid.
Several Georgia governments, from the Georgia Department of Public Safety and the state Administrative Office of the Courts to the City of Atlanta and Henry County, have fallen victim to ransomware attacks recently.
It’s the kind of attack that could destroy a business, but this time Regal Lager was unharmed.
Here are the steps the FBI says people should take to be safe with online business:
- Be suspicious of any requests for secrecy or pressure for quick action.
- Be judicious about information shared on social media and company websites, which could have been infiltrated; scammers can use information like out-of-office status.
- Always seek a second form of confirmation for any fund transfer requests by email; phone calls to creditors are a good backup.
- If you’re a victim, file an immediate complaint with the FBI’s Internet Crime Complaint Center: www.ic3.gov