Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Nigerian Man Living in U.S. Charged Over Role in BEC Scheme

A Nigerian national residing in Buffalo, New York, was indicted this week for facilitating a business email compromise (BEC) scam that resulted in hundreds of thousands of dollars being stolen from various companies.

Charged with conspiracy to commit wire fraud, the man, Eric Iwu, aka James, 32, faces up to 20 years in prison and a fine of $250,000.

A Nigerian national residing in Buffalo, New York, was indicted this week for facilitating a business email compromise (BEC) scam that resulted in hundreds of thousands of dollars being stolen from various companies.

Charged with conspiracy to commit wire fraud, the man, Eric Iwu, aka James, 32, faces up to 20 years in prison and a fine of $250,000.

BEC scammers typically target organizations that conduct wire transfers, and they impersonate CEOs or other executives that can authorize wire transfers, and then alter invoices to redirect funds to bank accounts controlled by the attackers.

One of the victims, a power construction company located in Dubai, UAE, fell victim to a BEC fraud attack using a Wells Fargo checking account. In 2018, the company was defrauded of hundreds of thousands of dollars.

Iwu, the United States Department of Justice says, was the registered owner of a checking account opened at a Citizens Bank in West Seneca, NY, which received two wire transfers related to the scam.

In February 2019, a United Kingdom company was the victim of a BEC attack that employed a Northwest Bank checking account that was eventually traced to Iwu. The company sent $55,242 to the checking account.

Another account traced to Iwu was a business account opened at the Citizens Bank in June 2019. The account received two wire transfers of $131,636 and $112,912 from the third and fourth victim of the BEC operation, respectively.

The defendant appeared at a hearing and was placed in detention, pending further proceedings.

Related: Turkish National Charged for DDoS Attack on U.S. Company

Related: US Charges Swiss ‘Hacktivist’ for Data Theft and Leaks

Related: U.S. Charges North Korean Hackers Over $1.3 Billion Bank Heists

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.