DOJ reports that a jury convicted three people involved in an international email-hacking operation that defrauded more than 1,000 victims out of about $215 million. The scheme is described as a business email compromise using hacked emails and communications to generate proceeds.

A DOJ press release outlines a major cyber-enabled fraud case tied to business email compromise. Prosecutors say the underlying operation involved hacking email accounts and using access to intercept or imitate communications for fraudulent financial gain. DOJ states that a jury convicted three defendants for their roles in the international scheme, which they describe as targeting more than 1,000 victims and producing proceeds of roughly $215 million. Business email compromise (BEC) schemes typically rely on hijacked inboxes, spoofed messages, and believable requests that pressure victims to transfer funds or approve payments. In this case, DOJ emphasizes the use of hacked emails and communications to carry out the theft across multiple victims. The scale described by DOJ—over 1,000 victims and approximately $215 million—signals how quickly such intrusions can propagate through businesses and individuals that trust email correspondence. While the announcement focuses on convictions of specific participants, it reflects a wider coordinated criminal effort. For consumers and organizations, the takeaway is to treat payment instructions sent via email as unverified until confirmed through a secondary method, especially for wire transfers and unusual requests. Strengthening email security, monitoring for account compromise, and using out-of-band verification can reduce exposure to BEC-style fraud.