US law enforcement announced today the arrests of 74 individuals accused of orchestrating BEC (business email compromise) scams through which they stole millions from users across the world.
Authorities arrested 42 users in the US, 29 in Nigeria, and one in Canada, Mauritius, and Poland, respectively. According to US authorities, among those arrested in BEC schemes include:
⟠ Following an investigation by the FBI and the U.S. Secret Service, 23 individuals were charged in the Southern District of Florida with laundering at least $10 million from proceeds of BEC scams, including eight people charged in an indictment unsealed last week in Miami. These eight defendants are alleged to have conspired to launder proceeds from numerous BEC scams, totaling at least approximately $5 million, including approximately $1.4 million from a victim corporation in Seattle, as well as various title companies and a law firm.
⟠ Following an investigation led by the FBI with the assistance of the IRS Criminal Investigation, Gloria Okolie and Paul Aisosa, both Nigerian nationals residing in Dallas, Texas, were charged in an indictment filed on June 6 in the Southern District of Georgia. According to the indictment, they are alleged to have victimized a real estate closing attorney by sending the lawyer a spoofing email posing as the seller and requesting that proceeds of a real estate sale in the amount of $246,000 be wired to Okolie’s account. They are charged with laundering approximately $665,000 in illicit funds. The attorney experienced $130,000 in losses after the bank was notified of the fraud and froze $116,000.
⟠ Adeyemi Odufuye aka “Micky,” “Micky Bricks,” “Yemi,” “GMB,” “Bawz” and “Jefe,” 32, and Stanley Hugochukwu Nwoke, aka Stanley Banks,” “Banks,” “Hugo Banks,” “Banky,” and “Jose Calderon,” 27, were charged in a seven-count indictment in the District of Connecticut in a BEC scheme involving an attempted loss to victims of approximately $2.6 million, including at least $440,000 in actual losses to one victim in Connecticut. A third co-conspirator Olumuyiwa Yahtrip Adejumo, aka “Ade,” “Slimwaco,” “Waco,” “Waco Jamon,” “Hade,” and “Hadey,” 32, of Toledo, Ohio, pleaded guilty on April 20 to one count of conspiracy to commit wire fraud. Odufuye was extradited from the United Kingdom to the United States and on Jan. 3, pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft. Nwoke was extradited to the United States from Mauritius on May 25, marking the first extradition in over 15 years from Mauritius. His case is pending.
⟠ Richard Emem Jackson, aka Auwire, 23, of Lagos, Nigeria, was charged in an indictment filed on May 17 in the District of Massachusetts with two counts of unlawful possession of a means of identification as part of a larger fraud scheme. According to the indictment, on two occasions in 2017, Jackson is alleged to have possessed the identifications of two victims with the intent to commit wire fraud conspiracy. In another case being prosecuted in the District of Massachusetts, a 25-year-old Fort Lauderdale, Florida man was indicted in federal court in Boston on June 6 on one count of money laundering conspiracy. According to the indictment, the individual was part of a conspiracy that engaged in wire fraud. It is alleged that in early 2018, the defendant’s co-conspirators gained access to email accounts belonging to a Massachusetts real estate attorney and sent emails to recipients in Massachusetts that “spoofed” the real estate attorney’s account in an attempt to cause the email recipient to transfer nearly $500,000, which was intended to be used for payment in connection with a real estate transaction, to a shell account belonging to a money mule recruited and controlled by the defendant.
US law enforcement agents said they also seized $2.4 million from the arrested suspects and recovered $14 million in fraudulent wire transfers.
BEC scams is today’s most profitable cybercrime trend
The arrests took place over the last two weeks and were part of Operation Wire Wire, an FBI-led investigation into business fraud, and especially BEC scams.
This term —BEC scam— describes a form of cybercrime where crooks pose as the representatives of legitimate companies to establish email communications with that firm’s business partners or customers, and then trick victims into transferring funds to bank accounts under the criminals’ control.
BEC scams have been the most damaging type of cybercrime in the US and across the world in the last two years. According to the FBI’s 2016 and 2017 Internet Crime Report, BEC scams have caused losses to companies in the US and across the world of over $360 million in 2016 and over $675 million in 2017, respectively.
Most BEC scam groups operate out of Nigeria
“Foreign citizens perpetrate many BEC scams,” said the US Department of Justice today in a press release announcing the arrest of the 74 suspects. “Those individuals are often members of transnational criminal organizations, which originated in Nigeria but have spread throughout the world.”
The DOJ’s assessment that many of these groups operate or have originated from Nigeria is consistent with recent reports from cyber-security firms such as Secureworks, Trend Micro, Crowdstrike, and Palo Alto Networks.
It is believed that most of these BEC scam groups have evolved from the old Nigerian groups that sent “419” and “Nigerian Prince” scams in the 1990s.
Many of these groups —known as “yahoo-yahoo boys,” “yahoo boiz,” or “G-boys”— evolved from sending email spam to distributing malware (such as RATs) and stealing proprietary info from infected companies, but some also choose to enter the BEC scamming market.
During the past few years, BEC scams have proven to be very lucrative. Some of the most high-profile BEC scam incidents include:
In May 2017, the FBI’s Internet Crime Complaint Center (IC3) estimated that BEC scammers stole over $5 billion from companies around the world between October 2013 and December 2016.
After today’s arrests in Operation Wire Wire, the FBI’s IC3 also published a guide on dealing with BEC scams.