Security Experts:

Connect with us

Hi, what are you looking for?



Nigerian Fraudster Who Stole Millions Heads to U.S. Prison

A Nigerian man was sentenced in Manhattan federal court to 60 months in prison for his role in fraudulent business email compromise (BEC) scams, the United States Department of Justice announced this week.

A Nigerian man was sentenced in Manhattan federal court to 60 months in prison for his role in fraudulent business email compromise (BEC) scams, the United States Department of Justice announced this week.

The man, Onyekachi Emmanuel Opara, 30, of Lagos, Nigeria, was charged for defrauding thousands of victims of more than $25 million. He pleaded guilty to conspiracy to commit wire fraud and wire fraud in April. 

In addition to the prison term, Opara was sentenced to two years of supervised release and was ordered to pay $2.5 million in restitution. His co-defendant, David Chukwuneke Adindu (“Adindu”), was sentenced in December 2017 to 41 months in prison and ordered to pay $1.4 million in restitution.

Between 2014 and 2016, Opara and Adindu engaged in multiple BEC scams that targeted victims worldwide, including the United States, the United Kingdom, Australia, Switzerland, Sweden, New Zealand, and Singapore. 

As part of the scheme, Opara sent fake emails to employees of the victim companies, asking for funds to be transferred to specified bank accounts. The emails claimed to arrive from supervisors at those companies or from third party vendors the companies did business with. 

“In reality, the emails were either sent from email accounts with domain names very similar to those of the companies and vendors, or the metadata for the emails was modified to make it appear as if the emails had been sent from legitimate email addresses,” the DoJ explains. 

The fraudsters withdrew the funds immediately after the victims transferred them, or moved them to other bank accounts controlled by scheme participants. The fraudsters attempted to steal more than $25 million from their intended victims.

Opara also created accounts on dating websites and engaged in online romantic relationships with individuals in the United States by posing as a young attractive woman. Using this fake identity, he instructed individuals in the U.S. to send money overseas and/or to receive money fraudulently acquired through the BEC scams, and forward the proceeds to others. 

One of the individuals who fell to this romantic relationship scheme sent over $600,000 of their own money to bank accounts controlled by scheme participants.

“Opara also attempted to recruit at least 14 other individuals via dating websites to receive funds from BEC scams into their bank accounts and then transfer the proceeds to overseas bank accounts,” the DoJ reveals.

The fraudster was arrested in December 2016, in Johannesburg, South Africa, and was extradited to the U.S. in January 2018. 

Related: BEC Scam Losses Top $12 Billion: FBI

Related: Nigerian Sentenced to Prison in U.S. for BEC Scams

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.