A Nigerian national was arrested in Ghana and faces charges in the US for his role in a business email compromise (BEC) scheme involving two charitable organizations.
According to the indictment, between June and August 2020, the man, Olusegun Samson Adejorin, targeted two charities located in North Bethesda, Maryland, and New York, New York.
Adejorin allegedly obtained the credentials of employees of both organizations, accessed their email accounts and impersonated employees at one of the charities to request withdrawals of funds from the other charity.
The indictment alleges that Adejorin made fraudulent requests for more than $7.5 million to be transferred to bank accounts he controlled.
Furthermore, Adejorin allegedly purchased a credential harvesting tool to steal employee credentials, registered domains that spoofed legitimate websites, and hid fraudulent emails by moving them to an inconspicuous location in an employee’s mailbox.
Arrested in Ghana on December 29, 2023, Adejorin is charged with five counts of wire fraud, one count of unauthorized access to a protected computer, and two counts of aggravated identity theft. He is currently awaiting his initial appearance in court in Ghana.
Perpetrated over email, Adejorin’s scheme is a typical example of BEC fraud, where attackers send fraudulent emails to employees in charge of making payments for an organization, posing as employees at business partners and demanding that wire transfers be made to bank accounts under the attackers’ control.
More recently, however, BEC scammers have started using other communication channels to perpetrate this type of fraud, SafeGuard Cyber CEO Chris Lehman tells SecurityWeek.
“Other vulnerable channels are surfacing for attackers in 2024. We are already starting to see a shift from email-based fraud to new channels such as SMS, WhatsApp, Signal, social media, and other workplace messaging apps like Slack or Microsoft Teams. Organizations should take this as a sign – if they haven’t already – that security defenses must be fortified across every channel,” Lehman says.
Related: Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role
Related: Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme
Related: Microsoft: BEC Scammers Use Residential IPs to Evade Detection
