Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of "Bugat" Malware / Reward of up to $5 Million Offered for Information Leading to Arrest or Conviction (DOJ Release)Your Bank Account Could Be Fueling Crime / Money Muling Is Illegal and Helps Criminals (DOJ Release)Breaking up is hard to do: Schwab and TD Ameritrade both on hook for $1 billion should either firm get cold feet, shareholders revolt, or antitrust regulators quash deal (RIABiz.com)Former COO and CFO of Publicly Traded Transportation Company Charged with Securities Fraud, Bank Fraud and Lying to Auditors (DOJ Release)Former Chief Executive Officer Of Publicly Traded Brand Management Company Charged With Accounting Fraud And Obstruction Of Justice / Former Chief Operating Officer Has Pled Guilty and Is Cooperating in the Government's Investigation (DOJ Release)SEC Charges Connecticut Man with Defrauding Retail Investors (SEC Release)Torrington Financial Advisor and Securities Broker Admits Misappropriating Client Funds (DOJ Release)FINRA Imposes Fines, Suspension, and Undertakings on Firm and Principal Over Excessive Trading. In the Matter of Chelsea Financial Services, and Christopher Vetrano, Respondents (FINRA AWC)
According to the indictment, Bugat is a malware specifically crafted to defeat antivirus and other protective measures employed by victims. As the individuals behind Bugat improved the malware and added functionality, the name of the malware changed, at one point being called "Cridex," and later "Dridex," according to the indictment. Bugat malware was allegedly designed to automate the theft of confidential personal and financial information, such as online banking credentials, and facilitated the theft of confidential personal and financial information by a number of methods. For example, the indictment alleges that the Bugat malware allowed computer intruders to hijack a computer session and present a fake online banking webpage to trick a user into entering personal and financial information.The indictment further alleges that Yakubets and Turashev used captured banking credentials to cause banks to make unauthorized electronic funds transfers from the victims' bank accounts, without the knowledge or consent of the account holders. They then allegedly used persons, known as "money mules," to receive stolen funds into their bank accounts, and then move the money to other accounts or withdraw the funds and transport the funds overseas as smuggled bulk cash. According to the indictment, they also used a powerful online tool known as a botnet in furtherance of the scheme.Yakubets was the leader of the group of conspirators involved with the Bugat malware and botnet, according to the indictment. As the leader, he oversaw and managed the development, maintenance, distribution, and infection of Bugat as well as the financial theft and the use of money mules. Turashev allegedly handled a variety of functions for the Bugat conspiracy, including system administration, management of the internal control panel, and oversight of botnet operations.According to the indictment, Yakubets and Turashev victimized multiple entities, including two banks, a school district, and four companies including a petroleum business, building materials supply company, vacuum and thin film deposition technology company and metal manufacturer in the Western District of Pennsylvania and a firearm manufacturer. The indictment alleges that these attacks resulted in the theft of millions of dollars, and occurred as recently as March 19, 2019.. . .
[B]eginning in May 2009, Yakubets and multiple co-conspirators are alleged to have a long-running conspiracy to employ widespread computer intrusions, malicious software, and fraud to steal millions of dollars from numerous bank accounts in the United States and elsewhere. Yakubets and his co-conspirators allegedly infected thousands of business computers with malicious software that captured passwords, account numbers, and other information necessary to log into online banking accounts, and then used the captured information to steal money from victims' bank accounts. As with Bugat, the actors involved with the Zeus scheme were alleged to have employed the use of money mules and a botnet.Yakubets and his co-conspirators are alleged to have victimized 21 specific municipalities, banks, companies, and non-profit organizations in California, Illinois, Iowa, Kentucky, Maine, Massachusetts, New Mexico, North Carolina, Ohio, Texas, and Washington, identified in the complaint, including multiple entities in Nebraska and a religious congregation. According to the complaint, the deployment of the Zeus malware resulted overall in the attempted theft of an estimated $220 million USD, with actual losses of an estimated $70 million USD from victims' bank accounts. According to the complaint, Yakubets' role in the Zeus scheme was to provide money mules and their associated banking credentials in order to facilitate the movement of money, which was withdrawn from victim accounts by fraudulent means.An individual charged as John Doe #2, also known as "aqua," was indicted in District of Nebraska in case number 4:11-CR-3074. The indictment in that case charges that individual and others with conspiracy to participate in racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud related to the Zeus scheme. As alleged, the complaint unsealed today associates use of the moniker "aqua" in the Zeus scheme to Yakubets. . . .
Signs You May Be Acting as a Money Mule
- You receive an unsolicited email or contact over social media promising easy money for little to no effort.
- The "employer" you communicate with uses web-based email (such as Gmail, Yahoo, Hotmail, or Outlook).
- You are asked to open up a bank account in your own name or in the name of a company you form to receive and transfer money.
- As an employee, you are asked to receive funds in your bank account and then "process funds" or "transfer funds" via a wire transfer, ACH, mail, or money service business (such as Western Union or MoneyGram).
- You are allowed to keep a portion of the money you transfer.
- Your duties have no specific job description.
- Your online companion, whom you have never met in person, asks you to receive money and then forward the funds to an individual you do not know.How to Protect Yourself
- Do not accept any job offers that ask you to use your own bank account to transfer their money. A legitimate company will not ask you to do this.
- Be wary when an employer asks you to form a company to open up a new bank account.
- Never give your financial details to someone you don't know and trust, especially if you met them online.
- Be wary when job advertisements are poorly written with grammatical errors and spelling mistakes.
- Be suspicious when the individual you met on a dating website wants to use your bank account for receiving and forwarding money.
- Perform online searches to check the information from any solicitation emails and contacts.
- Ask the employer, "Can you send a copy of the license/permit to conduct business in my county or state?"How to Respond
- If you have received solicitations of this type, do not respond to them and do not click on any links they contain. Inform your local police or the FBI.
- If you believe that you are participating in a money mule scheme, stop transferring money immediately and notify your bank, the service you used to conduct the transaction, and law enforcement.
[B]y approximately 2016, Meek, Peavler, and others at Celadon knew the value of a substantial portion of Celadon's trucks declined in value in part to a slowdown in the trucking market. In addition, many of those trucks, which were owned by Quality Companies (Quality), one of Celadon's divisions, had serious mechanical issues that made them unattractive to drivers, further depressing their value. Instead of accounting for this decline in truck values, Meek, Peavler and others allegedly devised a scheme that caused Celadon to conceal tens of millions of dollars in losses to its shareholders, banks and the investing public.Their scheme involved Quality trading away hundreds of its older and unused trucks to a large truck dealer in exchange for newer used trucks. During the trades, they intentionally inflated the prices on invoices associated with those trades so Celadon's books would not reflect the fact that Celadon's trucks were worth significantly less than reported to investors, the indictment alleges. Although they were actually trades, Meek, Peavler, and others allegedly sought to portray the transactions as independent "purchases" and "sales" of trucks in order to avoid heightened scrutiny.Meek and Peavler also allegedly structured one of the trades in an effort to artificially improve one of Celadon's quarterly financial statements.. Quality received approximately $25 million from the truck dealer just before the end of Celadon's fiscal quarter, which Celadon used to pay down its debt and appear to be in compliance with certain lending agreements. Meek, Peavler, and others allegedly failed to disclose, however, that as part of this deal, Quality had agreed to pay a similar amount of money back to the truck dealer three days after quarter-end. Celadon's quarterly financial statements made no mention of this secret agreement, the indictment alleges.In late 2016 and early 2017, Celadon's independent auditors began to ask questions about the truck trades that Meek, Peavler, and others had used to hide the drop in truck values. In response, Meek, Peavler and others allegedly made false and misleading statements to the auditors about the nature of the trade transactions, falsely denying they were trades and concealing the terms of these trades, including Quality's agreement to pay money back to the truck dealer shortly after quarter-end. Peavler also directed a senior executive and co-conspirator to delete certain emails after the auditor had make a request for relevant documents.In May 2017, Celadon announced that its financial statements issued for fiscal year 2016, which ended June 30, 2016, as well as the quarters ending in September and December 2016 could no longer be relied on, not could the related reports of the independent auditor for those three time periods. Following this announcement, Celadon's share price dropped significantly, causing a one-day loss in Celadon's market value of approximately $62.3 million.
sought to conceal losses by engaging in a scheme to buy and sell trucks at inflated prices, in some cases double or triple their fair market value. The complaint alleges that as a result of the transactions with third-party dealers, Celadon materially overstated its pre-tax income, net income, and earnings per share in its annual report for the period ending June 30, 2016, and in its subsequent public filings through the period ending Dec. 31, 2016. The complaint also alleges that Meek and Peavler lied to Celadon's auditor by claiming that the pricing in the transactions was "determined and evaluated independently," and by concealing their roles in negotiating and approving the transactions. Meek resigned from Celadon in 2017 and Peavler resigned in 2018.
recognizing false revenue and manipulating its reported earnings in 2014, entering into transactions to conceal distressed finances at two licensees who could not meet licensing royalty payments owed to Iconix, and failing to recognize over $239 million in impairment charges for three brands over a multi-year period. Additionally, Iconix and its former Chief Financial Officer Warren Clamen failed to recognize losses from Iconix's failing licensees, disclose that Iconix entered into transactions to secretly and temporarily bolster its licensees' finances, and properly test for impairment. As a result of these accounting improprieties, Iconix overstated net income by hundreds of millions of dollars between 2013 and the third quarter of 2015.
devised a fraudulent scheme to create fictitious revenue, allowing Iconix to meet or beat Wall Street analysts' consensus estimates in the second and third quarters of 2014. According to the complaint, Cole and Horowitz realized substantial profits on Iconix stock sales as a result of the alleged fraud. In order to hide the fraud, as alleged, Cole and Horowitz also deleted emails and caused Iconix to make false and misleading statements in response to an SEC inquiry.
Iconix, whose shares traded on the NASDAQ, was in the business of acquiring various brands, including clothing and fashion brands, and then licensing those brands to retailers, wholesalers, and suppliers, who, in turn, produced and sold clothing and other products bearing the brand names.Iconix utilized joint ventures ("JVs") to profit from its brands in foreign markets. With respect to these JVs, Iconix transferred ownership of a trademark or brand to the JV while maintaining a 50 percent ownership interest in the JV itself. The other party involved in the JV purchased a 50 percent interest in the JV from Iconix. As part of the JV agreements, each JV partner was generally entitled to 50 percent of the JV's licensing revenue. When it entered into a JV, Iconix recognized as revenue the buy-in purchase price paid by the JV partner, less Iconix's cost basis in the trademarks.Among the most critical financial metrics disclosed in Iconix's public filings with the SEC were Iconix's quarterly and annual revenue and non-GAAP diluted earnings per share ("EPS"). Iconix executives, including COLE, publicly identified revenue and EPS as the principal metrics demonstrating Iconix's growth. They also touted Iconix's consistent record of revenue and earnings growth and of meeting or exceeding Wall Street analyst consensus with respect to these metrics.The Accounting Fraud SchemeCOLE and Horowitz engaged in a scheme to falsely inflate Iconix's reported revenue and EPS by orchestrating a series of "round trip" transactions in which COLE and Horowitz induced a JV partner, a Hong Kong-based international apparel licensing company ("Company-1"), to pay artificially inflated buy-in purchase prices for JV interests, with the understanding that Iconix would then reimburse Company-1 for the overpayments. COLE and Horowitz executed the scheme for the purpose of enabling Iconix to report fraudulently inflated revenue and EPS figures based on the inflated buy-in purchase prices it obtained from Company-1.COLE arranged for Iconix to enter into three JVs with Company-1 that included inflated buy-in purchase prices from Company-1: (1) the Southeast Asia JV, which closed on or about October 1, 2013 ("SEA-1"), (2) the Southeast Asia first amendment, which closed on or about June 30, 2014 ("SEA-2"), and (3) the Southeast Asia second amendment, which closed on or about September 17, 2014 ("SEA-3"), (collectively, the "SEA JVs"). Each of the SEA JVs involved a fraudulent "round trip" transaction, lacking in economic substance, in which Company-1 paid an artificially inflated buy-in purchase price for its interest in the JV, in exchange for COLE's agreement that Iconix would give back the inflated portion of the purchase price to Company-1. COLE and Horowitz hid from Iconix's lawyers and outside auditors that COLE had reached an understanding with Company-1 to artificially increase the consideration Company-1 paid Iconix in exchange for COLE's agreement to round-trip the overpayment back to Company-1.Through the scheme, COLE and Horowitz caused Iconix to report fraudulently inflated revenue and EPS figures to the investing public. COLE and Horowitz did so, in part, to ensure that the reported figures met analyst consensus and to fraudulently convey the impression to the investing public that Iconix was growing quarter after quarter, as COLE had touted to the investing public. Absent the false inflation of revenue from SEA-2 and SEA-3, Iconix would have missed its quarterly revenue consensus in the second and third quarters of 2014 and its annual revenue consensus for the full year 2014. Absent the false inflation of EPS from SEA-2 and SEA-3, Iconix would have missed its annual non-GAAP diluted EPS consensus for the full year 2014.Obstruction of JusticeIn late 2014 and early 2015, the SEC Division of Corporate Finance ("Corp Fin") conducted an inquiry into Iconix's accounting treatment for the formation of certain Iconix international JVs, including the SEA JVs. Although the SEC directed Iconix to disclose to the SEC the "business purpose" and material terms of the SEA JVs, COLE intentionally and falsely omitted from an Iconix response letter to the SEC that Company-1 had agreed to inflate the purchase prices for SEA-2 and SEA-3 by $5 million and $6 million, respectively, in exchange for COLE's secret agreement that Iconix would reimburse Company-1 for these overpayments. COLE also took steps during the Corp Fin inquiry to destroy and conceal relevant evidence, including by deleting emails related to the SEA JVs and directing Horowitz to do the same, in order to prevent the scheme from being detected.
[F]ry was an accountant and financial advisor doing business in Germantown, TN as Fry Financial Services. Count one of the information alleged that between 2009 and 2019, Fry stole and embezzled funds from a client who had given him power of attorney to prepare tax returns and manage and invest monies following the death of her husband. The information alleged that Fry obtained in excess of $1.3 million from the client as a result of the scheme.Count two of the information alleged that after Fry was served with a civil suit and notice of lien filed in Shelby County Chancery Court on behalf of the client, he defrauded a mortgage lender, title company and closing agent in connection with the sale of his personal residence. The information alleged that Fry falsely represented on an Owner's Affidavit that there was no pending litigation or liens affecting the property being sold. As a result of the misrepresentation Fry caused the disbursement of $325,827.84 in loan proceeds.Count three of the information alleged Fry defrauded another client located in Mississippi of $410,000 by requesting a loan and falsely representing that the funds were going to be used to purchase and resell an accounting firm. In fact, Fry used the funds to replace funds he embezzled from an estate of which he was the named executor.
This case concerns annual reports required of broker-dealers by the Exchange Act that were prepared by Remus, who engaged Amundsen as the Engagement Quality Reviewer (EQR). The OIP alleges that Remus engaged Amundsen as the EQR on fourteen audits of seven brokerdealers in 2015 and 2016; that Amundsen had been enjoined since 1983 from appearing or practicing before the Commission in any way; that his daughter was the FINOP of the brokerdealers responsible for preparing the reports being audited; and that Remus was aware of the familial relationship, which violated auditor independence requirements. The Division urges that Respondents be ordered to cease and desist from further violations; that Remus be barred from appearing or practicing before the Commission; that Remus be ordered to disgorge $57,227, and Amundsen, $7,000 - the fees that they received for the audits.Remus acknowledges that he erred, but points to an otherwise unblemished thirty-one year career in auditing and urges that no additional discipline be ordered beyond the emotional and professional damage that he has experienced as a result of his violation. Amundsen urges that the proceeding be dismissed. Respondents emphasize that there was no financial inaccuracy 2 Citations to the transcript are noted as "Tr. __." Citations to exhibits offered by the Division, Amundsen, and the Remus Respondents are noted as "Div. Ex. __," "Amundsen Ex. __," and "Remus Ex. __," respectively. 3 alleged in the financial reports that they audited - no re-audit, material misstatement, request for recalculation, or adjustment. Remus acknowledges that he was aware of the familial relationship but argues that he was unaware that it violated auditor independence requirements and unaware of Amundsen's disciplinary history, as well. Amundsen argues that there was no conflict of interest, noting that a partner in an accounting firm - who has a financial interest in the revenues from the engagement under review - can be an EQR and that such an interest presents a greater potential for conflict of interest than a father-daughter relationship.
engaged in a scheme to defraud retail investors by misappropriating funds from one advisory client and then making Ponzi-like payments to the client using assets misappropriated from other advisory clients. Burroughs allegedly told certain advisory clients that he would invest their money in "Guaranteed Interest Contracts" (GIC) with guaranteed annual returns of 4% or 7%. The complaint alleges that Burroughs never invested his clients' money in GICs and that he instead misappropriated the funds and provided clients with fake account statements to hide his theft.
[B]urroughs was a registered securities broker with the Financial Industry Regulatory Authority. Prior to November 2019, he was the owner of Burroughs Investment Group, a full-service financial consulting firm based in Torrington. Beginning in at least 2012 and continuing through 2019, Burroughs misrepresented to certain clients that their money would be invested in legitimate guaranteed investment contracts. Instead, he used his clients' money to pay business expenses and other clients' "guaranteed" investment returns.
Chelsea Financial: Censure; $15,000 fine (purportedly reduced in consideration of the firm's revenues/financial resources and its agreement to pay full restitution); $68,899 in restitution; and an undertaking to review/revise the firm's supervisory system and WSPs.Vetrano: $10,000 fine; three month suspension from association with any FINRA member in any capacity Principal capacity; and an undertaking to complete 40 hours of supervisory-responsibilities continuing education.
From January 2016 through July 2018 (the "Relevant Period"), Chelsea Financial failedto establish and maintain a supervisory system, and failed to establish, maintain, andenforce written supervisory procedures ("WSPs"), that were reasonably designed toachieve compliance with FINRA's suitability rule as it pertains to excessive trading. Inaddition, Chelsea Financial and Vetrano-who was the Firm's designated supervisoryprincipal responsible for conducting suitability reviews-failed to reasonably supervise aformer registered representative, CB,1 who, while registered through Chelsea Financial,recommended unsuitable and excessive trading in three customer accounts.As a result of the foregoing, Chelsea Financial and Vetrano violated FINRA Rules 3110and 2010.= = = = =Footnote 1: FINRA previously barred CB from associating with any FINRA member firm in any capacity.