Organized cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa earlier this month. The funds were spirited away with the help of dozens of unwitting co-conspirators hired through work-at-home job scams, at least one of whom was told the money was being distributed to victims of the Catholic Church sex abuse scandals, KrebsOnSecurity.com has learned.
In a statement released last week, the diocese said the fraud occurred between Aug. 13 and Aug. 16, apparently after criminals had stolen the diocese’s online banking credentials. The Diocese it was alerted to the fraud on Aug. 17 by its financial institution, Bankers Trust of Des Moines.
The diocese also said the FBI and U.S. Treasury Department were notified, and that the FBI had taken possession of several diocesan computers. To date, roughly $180,000 has been recovered.
The diocese added that law enforcement had advised them that the theft seems to have been the work of a highly sophisticated operation based overseas, which moved the stolen money out of the United States by recruiting people who unknowingly act as intermediaries.
“While the Diocese of Des Moines is protected by insurance and anticipates the restoration of the funds, we have been advised that such criminal activity is rampant,” Des Moines Bishop Richard Pates said. “Obviously, any entity that experiences such a crime should be significantly concerned.”
Once again, the theft involves so-called money mules willingly or unwittingly recruited by a specific money mule cash-out gang whose work I have written about several times already. Among the mules involved in this incident was a man in Newnan, Ga. who received almost $30,000 of the church’s cash. Daniel Huggins, the 29-year-old owner of Masonry Construction Group LLC, got mixed up with a company calling itself the Impeccable Group, claiming to be an international finance company operating out of New York.
Huggins said the Impeccable Group recruited him via e-mail, claiming it had found his resume on job search site Monster.com. The Impeccable Group told him he would be doing payment processing for the company, and on Aug. 16, Huggins’ erstwhile employers sent him two payments, one for almost $20,000 and another for slightly less than $10,000.
Huggins said he contacted the Impeccable Group shortly after the transfers because the amounts seemed quite high and the transfers appeared to be coming from the Catholic Church. The scammers apparently were ready for this question and were quick on their feet with a reply that was as plausible as it was diabolical: Huggins was told the money was going to be distributed as legal settlements to people who had been affected by the clergy sexual abuse scandals that have rocked the church in recent years.
“The told me it was going to be payouts to some of the settlements in the sex crimes cases against the Church,” Huggins said.
Huggins’ bank discovered the fraud and froze his account while there was still almost $10,000 left in it from the fraudulent transfers. Huggins said he was told to expect a call from lawyers for the Des Moines diocese, but he’s conflicted about whether he will return the money he made from his part in the scam: Minus the Western Union and Moneygram wire fees, Huggins earned commissions totaling nearly $800 for helping the thieves transfer the stolen money out of the country.
“I already sent the money to pay off my credit card balance,” Huggins said. “I guess I’m still up in the air on that one.”
The screen shots below were taken of Huggins’ “task manager,” an online communications panel that Impeccable Group used to communicate with money mules they had recruited.