Russian National Sentenced to 70 Months For $4 Million Debit Card Fraud

  /     /     /  
Publicated : 22/11/2024   Category : security


Russian National Sentenced to 70 Months For $4 Million Debit Card Fraud


Mikhail Malykhins actions drove one company out business.



A Russian national responsible for a debit card fraud scheme that cost his victims over $4.1 million in losses and drove one company out of business has been sentenced to 70 months in federal prison.
Mikhail Malykhin, 36, will also forfeit about $1.3 million in cash, more than $22,000 in gift cards, several gold bars, and a 1966 Ford Mustang that the FBI previously seized from him.
Malykhin in 2016 had pleaded guilty to conspiring to use stolen debit cards and unauthorized access to a protected computer. At his sentencing last week, United States District Judge Dolly Gee of the Central District of California described Malykhin actions as reprehensible and ruining the lives of many, a
statement
issued by the Justice Department Friday noted.
Court documents associated with the case show that in December 2015 Malykhin illegally accessed a computer belonging to Polestar Benefits, a Lake Oswego, Oregon-based healthcare company that administers flexible spending accounts (FSAs) and COBRA services to other companies.
In that role, the company creates and manages FSAs, which are accounts into which employees can deposit pre-tax money for out of pocket healthcare expenses. Polestar also administers dependent care accounts, which are another type of special account to pay for elderly and dependent care.
Like other administrators of FSA accounts, Polestar issues a restricted type of debit card that an FSA account holder can use to pay for certain types of medical expenses. When the holder of a dependent care account spends money on dependent care, Polestar reimburses them from the account holders previously funded account.
Malykhin used his access to Polestars systems to reactivate the dormant accounts of 43 previous employees at Lane Community College, a Eugene, Oregon-based client of Polestar. He created new dependent care accounts for those employees, fraudulently funded several of them, and had debit cards linked to those accounts mailed to associates in various locations.
Malykhin set limits ranging from $500,000 to a staggering $5 million for the debit cards and modified them in such a way that the usual restrictions on the use of such cards were removed. In other words, debit cards that normally could have been used only to pay for qualified medical expenses were modified so they could be used as high-limit payment cards at any location.
Five associates of Malykhin — four Russian and one identified only as East European — used the fraudulent cards to buy hundreds of thousands of dollars worth of electronic goods, expensive furniture, and other big-ticket items from retail stores in California. In several cases, the associates then returned the fraudulently purchased goods for cash or for gift cards. Malykhin himself, who was the head of what prosecutors have described as a Russian organized crime syndicate, got to keep his share of the luxury goods, cash, and debit cards.
All five of his associates were subsequently arrested and
sentenced
to periods ranging from one year to three years in federal prison.
The court papers filed in connection with Malykhins arrest show that he was responsible also for breaking into FlexMagic Consulting, another third-party administrator like Polestar, and similarly defrauding them of $3.5 million. The March 2016 break-in later forced FlexMagic out of business, leaving responsibility for the losses to Alegeus, the maker of a software platform that both Polestar and FlexMagic used for creating and managing FSA accounts for clients.
Related Content:
Four Faces of Fraud: Identity, Fake Identity, Ransomware & Digital
New Report Shows Fraud on the Rise with Sharp Growth in US-Based Activity
US Slaps Sanctions on Five Russian Entities, Three Individuals for Cyberattacks
7 Ways to Better Secure Electronic Health Records
 
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the
conference
 and
to register.
 

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Russian National Sentenced to 70 Months For $4 Million Debit Card Fraud