A Nigerian national was arrested in Ghana and faces charges in the US for his role in a business email compromise scheme involving two charitable organizations.
According to the indictment, between June and August 2020, the man, Olusegun Samson Adejorin, targeted two charities located in North Bethesda, Maryland, and New York, New York.
Adejorin allegedly obtained the credentials of employees of both organizations, accessed their email accounts and impersonated employees at one of the charities to request withdrawals of funds from the other charity.
The indictment alleges that Adejorin made fraudulent requests for more than $7.5 million to be transferred to bank accounts he controlled.
Adejorin allegedly purchased a credential harvesting tool to steal employee credentials, registered domains that spoofed legitimate websites, and hid fraudulent emails by moving them to an inconspicuous location in an employee's mailbox.
Arrested in Ghana on December 29, 2023, Adejorin is charged with five counts of wire fraud, one count of unauthorized access to a protected computer, and two counts of aggravated identity theft.
He is currently awaiting his initial appearance in court in Ghana.
Perpetrated over email, Adejorin's scheme is a typical example of BEC fraud, where attackers send fraudulent emails to employees in charge of making payments for an organization, posing as employees at business partners and demanding that wire transfers be made to bank accounts under the attackers' control.
More recently BEC scammers have started using other communication channels to perpetrate this type of fraud, SafeGuard Cyber CEO Chris Lehman tells SecurityWeek.
This Cyber News was published on www.securityweek.com. Publication date: Fri, 05 Jan 2024 11:43:05 +0000