Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Nigerian Arrested, Charged in $7.5 Million BEC Scheme Targeting US Charities

A Nigerian national arrested in Ghana faces charges in the US for a BEC scheme involving two charitable organizations.

A Nigerian national was arrested in Ghana and faces charges in the US for his role in a business email compromise (BEC) scheme involving two charitable organizations.

According to the indictment, between June and August 2020, the man, Olusegun Samson Adejorin, targeted two charities located in North Bethesda, Maryland, and New York, New York.

Adejorin allegedly obtained the credentials of employees of both organizations, accessed their email accounts and impersonated employees at one of the charities to request withdrawals of funds from the other charity.

The indictment alleges that Adejorin made fraudulent requests for more than $7.5 million to be transferred to bank accounts he controlled.

Furthermore, Adejorin allegedly purchased a credential harvesting tool to steal employee credentials, registered domains that spoofed legitimate websites, and hid fraudulent emails by moving them to an inconspicuous location in an employee’s mailbox.

Arrested in Ghana on December 29, 2023, Adejorin is charged with five counts of wire fraud, one count of unauthorized access to a protected computer, and two counts of aggravated identity theft. He is currently awaiting his initial appearance in court in Ghana.

Perpetrated over email, Adejorin’s scheme is a typical example of BEC fraud, where attackers send fraudulent emails to employees in charge of making payments for an organization, posing as employees at business partners and demanding that wire transfers be made to bank accounts under the attackers’ control.

More recently, however, BEC scammers have started using other communication channels to perpetrate this type of fraud, SafeGuard Cyber CEO Chris Lehman tells SecurityWeek.

Advertisement. Scroll to continue reading.

“Other vulnerable channels are surfacing for attackers in 2024. We are already starting to see a shift from email-based fraud to new channels such as SMS, WhatsApp, Signal, social media, and other workplace messaging apps like Slack or Microsoft Teams. Organizations should take this as a sign – if they haven’t already – that security defenses must be fortified across every channel,” Lehman says.

Related: Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role

Related: Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme

Related: Microsoft: BEC Scammers Use Residential IPs to Evade Detection

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.