Virginia Business Email Scam Plea: Zamar McPherson Admits Role In $3M-Plus BEC Scheme
News Anchor voice
Ready when you are.
Status, July 1 source check: source-cleared for a government-accountability and courts ledger. The controlling source is the U.S. Attorney’s Office for the Western District of Virginia release dated June 25, 2026. DOJ says Zamar McPherson, 49, of Boynton Beach, Florida, pleaded guilty in a business email compromise case involving more than $3 million stolen from victims throughout the United States.
This is a plea-stage record, not a rumor about a cyber scam. DOJ identifies the defendant, the counts, the co-conspirators who previously pleaded guilty, the victim-payment lane, the forfeiture figure, the agencies involved, and the prosecutor. That gives BadPD enough source footing for a ledger while leaving final sentence, final restitution, and recovery details marked as pending.
What DOJ Says Happened
DOJ says McPherson pleaded guilty to one count of conspiracy to commit bank and wire fraud and two counts of wire fraud. The release says she agreed to pay restitution for the entire scope of her criminal conduct and agreed to forfeit $154,474.85.
DOJ names two co-conspirators: Garland Shelton, 57, of Wytheville, Virginia, and Olivia Oxley, 35, of Brooklyn, New York. According to the release, Shelton and Oxley each pleaded guilty last year to one count of conspiracy to commit bank and wire fraud. DOJ says McPherson, Shelton, and Oxley each face up to 30 years in prison for their roles in the conspiracy.
The scheme described by DOJ is a business email compromise, or BEC, lane. DOJ says victims had planned to send legitimate wire payments to certain payees. A conspiracy member allegedly compromised the payees’ email accounts and provided new account information for the wire payments. The victims were then allegedly defrauded into sending large sums of money to bank accounts belonging to McPherson, Shelton, and Oxley.
DOJ says McPherson, Shelton, and Oxley created and used personal and illegitimate business accounts at various financial institutions to facilitate fraudulent wire-transfer payments. The release does not name every victim, every bank, every compromised account, or every wire. Those details should come from court filings or sentencing records before being added.
Confirmed, Pending, And Not Added
- Confirmed by DOJ: McPherson pleaded guilty to conspiracy to commit bank and wire fraud and two wire fraud counts.
- Confirmed by DOJ: the case involves more than $3 million stolen from victims throughout the United States.
- Confirmed by DOJ: McPherson agreed to restitution for the entire scope of her criminal conduct and to forfeit $154,474.85.
- Confirmed by DOJ: Shelton and Oxley previously pleaded guilty to conspiracy to commit bank and wire fraud.
- Pending records: sentencing dates, final judgments, restitution order, forfeiture order, victim count, recovered-funds record, bank-account list, and any IC3/freeze-response record if later disclosed.
- Not added by BadPD: private victim names, bank names, email-account addresses, account numbers, unreleased wire dates, recovered-funds amount, or any sentence not present in the current source set.
Why This Belongs In The Accountability File
Business email compromise cases are not abstract internet noise. They target routine payment processes: vendor invoices, closing wires, executive requests, payroll changes, and other messages people expect to be legitimate. In this case, DOJ says victims were intending to send lawful payments to payees. The alleged intervention was the compromised email-account instruction that redirected money to accounts controlled by conspiracy members.
The public-interest record is also broader than one defendant’s plea. When DOJ says multiple personal and illegitimate business accounts at various financial institutions were used to facilitate fraudulent wire transfers, the records to watch include account-opening documents, wire confirmations, bank fraud alerts, victim notifications, and any fund-freeze or recovery attempt. BadPD is not claiming those records are public today. It is marking the document trail that should control future updates.
The forfeiture number is useful but incomplete. A forfeiture agreement of $154,474.85 is not the same as final restitution for all victims. DOJ says the scheme stole more than $3 million and that McPherson agreed to pay restitution for the entire scope of her criminal conduct. The final judgment should confirm what the court orders, what is joint and several if anything, and what remains unrecovered.
Why The Source Limits Matter
A BEC plea record can be easy to overstate because the money trail sounds specific while the public release is still a summary. DOJ gives enough detail to say the case involved redirected payment instructions, compromised payee email accounts, more than $3 million in stolen money, and bank accounts tied to named conspiracy members. DOJ does not give enough detail to publish a victim ledger, bank ledger, account-opening ledger, or full wire-by-wire timeline.
That is why this article uses the words confirmed, pending, and not added. Confirmed means the current source set says it directly. Pending means the fact may exist in court or bank records but is not in the present source set. Not added means the detail would create avoidable risk for victims, businesses, banks, or future fraud targets unless an official public record makes it necessary and safe to report.
The victim-protection issue is practical. Publishing a company name, bank name, account clue, or email-account clue without a controlling record can make the original target easier to find and can encourage copycat probing. The accountable path is different: name the public defendants, name the agencies, attach the official source dates, and identify the missing public records that should answer the recovery and sentencing questions.
For readers who found this file after a suspicious invoice or wire request, the BadPD takeaway is deliberately limited. This article is not a recovery guide. It is not a legal guide. It is not telling anyone whether a bank, employee, vendor, title company, or government agency is liable. It is a source ledger showing how one federal plea was described by DOJ and which official public channels the FBI identifies for BEC reporting context.
FBI And IC3 Context
The FBI describes business email compromise as one of the most financially damaging online crimes. Its public guidance says BEC exploits reliance on email for personal and professional business and can involve fake requests that appear to come from known sources, such as vendors, executives, or title companies. That context matches the payment-redirection pattern DOJ describes in this case, but it does not add case-specific facts.
The FBI’s public guidance directs BEC reports to the Internet Crime Complaint Center, or IC3, and says victims should also contact their financial institution immediately and ask it to contact the institution where any transfer was sent. IC3 says it is the central hub for reporting cyber-enabled crime and is run by the FBI. Those links are included as public-resource context only. They are not legal advice, banking advice, or a guarantee that any lost money can be recovered.
That distinction matters. A source ledger should not turn a plea article into a checklist that sounds like professional advice. The practical public point is simpler: BEC cases often move fast, the wire-transfer window matters, and official reporting routes exist. The court record, however, controls the criminal case.
Agencies And Case Footprint
DOJ says First Assistant U.S. Attorney Robert N. Tracci, FBI Richmond Special Agent in Charge Ian Kaufmann, and HSI Washington, D.C. Special Agent in Charge Eric Weindorf announced the plea. The investigating agencies named by DOJ include Homeland Security Investigations Washington, D.C.; HSI St. Paul; the FBI; Eden Prairie, Minnesota Police Department; Virginia State Police; Middlesex County, New Jersey Prosecutor’s Office; and Palm Beach County, Florida Sheriff’s Office.
That agency list suggests a multi-state footprint. It does not prove every state had a separate victim, bank, account, or loss. The public record should separate what DOJ names from what later court filings may prove. Assistant U.S. Attorney Corey Hall is identified as the prosecutor.
Records To Watch
The first record to watch is the plea agreement or factual basis. That document should show exactly what McPherson admitted, whether any loss amount was stipulated, how the forfeiture figure was calculated, and whether restitution covers all victims or a narrower set. If the factual basis lists wire dates or account details, those records should replace the broad summary language.
The second record is the sentencing file. A judgment should show imprisonment if any, supervised release, restitution, forfeiture, special assessment, and payment terms. Sentencing memoranda may also show victim impact, recovery status, guideline disputes, and whether the government credits cooperation or acceptance of responsibility.
The third record is the recovered-funds trail. BEC cases sometimes involve rapid financial-institution contact, account freezes, clawbacks, or partial returns. The current DOJ release does not say how much money was recovered, if any. BadPD should not infer recovery from the existence of restitution or forfeiture language.
The fourth record is co-conspirator sentencing. Shelton and Oxley are described as having pleaded guilty last year, but this article does not report their final sentences unless a later official record is attached. A useful follow-up would check each judgment, restitution allocation, and any joint liability language.
The fifth record is whether the court later distinguishes intended loss, actual loss, restitution, and forfeiture. Those numbers can be different. Intended loss can describe attempted harm. Actual loss can describe what left victims’ hands. Restitution can describe what the court orders defendants to repay. Forfeiture can describe proceeds or property tied to the offense. This article keeps those lanes separate because the DOJ release gives one broad stolen-money figure and one forfeiture figure, not every final accounting number.
The sixth record is whether any public filing explains the role of each listed agency. DOJ names HSI Washington, HSI St. Paul, FBI, Eden Prairie Police, Virginia State Police, Middlesex County Prosecutor’s Office, and Palm Beach County Sheriff’s Office. That list is important, but it does not by itself explain which agency froze money, interviewed witnesses, traced accounts, or handled local records. Later filings may clarify that footprint.
Source-Limited Notes
This ledger does not establish that every business email compromise case works the same way. It does not identify every victim, every business, every bank, every compromised email account, every wire transfer, or every recovered dollar. It does not give cybersecurity, legal, accounting, or banking advice. It labels the source record and the missing documents.
The searchable names in this file are Zamar McPherson, Garland Shelton, Olivia Oxley, Boynton Beach, Wytheville, Brooklyn, Western District of Virginia, FBI Richmond, HSI Washington, HSI St. Paul, Eden Prairie Police, Virginia State Police, Middlesex County Prosecutor, and Palm Beach County Sheriff’s Office. The searchable date anchors are June 25, 2026 for the DOJ release and July 1, 2026 for this source check.
The core public question is concrete: how did redirected wire-payment instructions move more than $3 million from intended payees into accounts tied to the conspiracy, what records show who recovered what, and what final orders will the court impose?
Source Ledger
- DOJ USAO Western District of Virginia release, June 25, 2026
- DOJ USAO Western District of Virginia news index, accessed July 1, 2026
- FBI Business Email Compromise public guidance, context only
- FBI Internet Crime Complaint Center, public-reporting context only
Source status note: DOJ controls the case facts. FBI and IC3 links are context and public-reporting resources only. No social posts, private victim claims, bank screenshots, leaked emails, or third-party reports were used as standalone facts.
Featured image is symbolic editorial artwork created for BadPD. It is not Zamar McPherson, Garland Shelton, Olivia Oxley, a victim, a bank, an email screenshot, an account record, FBI imagery, HSI imagery, or a court exhibit.
Send receipts for the desk to research
Send corrections, missing records, police-accountability tips, good-cop public-service receipts, government/court/war leads, recall alerts, or property-tax help resources. Tips are leads only until BadPD verifies records.
Links, dates, agency names, docket numbers, bodycam IDs, recall numbers, forms, and official pages.
Every tip is a lead, not a fact. The desk checks records before publishing.
Use advertising inquiry when you want clearly labeled sponsor space or available ad placements on BadPD.