A Nigerian national residing in Buffalo, New York, was indicted this week for facilitating a business email compromise (BEC) scam that resulted in hundreds of thousands of dollars being stolen from various companies.
Charged with conspiracy to commit wire fraud, the man, Eric Iwu, aka James, 32, faces up to 20 years in prison and a fine of $250,000.
BEC scammers typically target organizations that conduct wire transfers, and they impersonate CEOs or other executives that can authorize wire transfers, and then alter invoices to redirect funds to bank accounts controlled by the attackers.
One of the victims, a power construction company located in Dubai, UAE, fell victim to a BEC fraud attack using a Wells Fargo checking account. In 2018, the company was defrauded of hundreds of thousands of dollars.
Iwu, the United States Department of Justice says, was the registered owner of a checking account opened at a Citizens Bank in West Seneca, NY, which received two wire transfers related to the scam.
In February 2019, a United Kingdom company was the victim of a BEC attack that employed a Northwest Bank checking account that was eventually traced to Iwu. The company sent $55,242 to the checking account.
Another account traced to Iwu was a business account opened at the Citizens Bank in June 2019. The account received two wire transfers of $131,636 and $112,912 from the third and fourth victim of the BEC operation, respectively.
The defendant appeared at a hearing and was placed in detention, pending further proceedings.
Related: Turkish National Charged for DDoS Attack on U.S. Company
Related: US Charges Swiss ‘Hacktivist’ for Data Theft and Leaks
Related: U.S. Charges North Korean Hackers Over $1.3 Billion Bank Heists

More from Ionut Arghire
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Malicious NPM, PyPI Packages Stealing User Information
Latest News
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
