Ongoing Executive Impersonation Attack

First off: notifying the police and three letter agencies that are responsible is exactly the right thing to do.

To your questions:

  1. Not quite. But that does not mean that the attacker is US-based or that it's the attacker's bank account.

    For all that matters, it could be the bank account of someone previously fished that has no relevant balance.

    Using that as the destination for a wire transfer scam is tricky: it covers the attacker's identity and adds a false sense of security, as the destination account is with a US bank rather than some shady off shore bank.

  2. No. Please just leave that to your government and the law enforcement agencies. Cross reference this question and its answers.


  1. Most likely they are using moneymules. These are people who are used to transfer the money. Sometimes it's a breached account as well as foreign transfers may raise eye brows (often the money is later siphoned to other countries afterwards)
  2. It's just a question if they are domestic, this is not sure. Leave it to the authorities and consult legal counsel.

Tags:

Phishing