Data Security, Vulnerability Management, Email security

WhatsApp used in BEC scam to pilfer $6.4M

Share
Whatsapp BEC scam arrest

Three Nigerians allegedly used spoofed emails and WhatsApp messages to inveigle more than $6 million from victims in the latest large-scale business email compromise case to go before the courts.

One of the men, Kosi Goodness Simon-Ebo, aged 29, was extradited from Canada last week and appeared in U.S. District Court in Greenbelt, Maryland.

His co-defendants, James Junior Aliyu, 28, and Henry Onyedikachi Echefu, 31, were arrested in South Africa where all three reside, the Department of Justice said in a statement.

The men are charged with conspiracy, wire fraud and money laundering in relation to a business email compromise (BEC) scheme where their victims were duped into wiring more than $6.4 million into bank accounts the trio controlled.

According to a seven-count indictment (PDF), the men conspired with others to perpetrate the BEC scheme between February 2016 and July 2017.

The indictment names Fon Fomukong, Nkeng Amin, Carlson Cho and “other persons” as co-conspirators, but does not specify whether they reside in Maryland or elsewhere.

Full details of the alleged scam have not been made public but BEC schemes typically involve perpetrators presenting their victims with what appear to be authentic business invoices, or pretending to be a college who has authorized a payment to be made.

BEC fraud cost victims $2.7 billion last year and was the second most expensive type of scam (behind investment scams) according to the FBI’s 2022 Internet Crime Report.

The FBI received 21,832 BEC complaints in 2022 and has recorded more than $43 billion in losses through BEC and email account compromise scams since 2016.

While the volume of BEC attacks had skyrocketed in the past two years, 98% of employees failed to report the threats, according to a recent report by Abnormal Security.

Last month, a Nigerian man was sentenced to four years and one month imprisonment for his involvement in several BEC, romance, check-cashing, and work-from-home scams that cost victims more than $1 million.

In the latest case, involving Simon-Ebo and his co-accused, it is alleged the men moved stolen money from ‘drop accounts’ they controlled to other accounts by initiating account transfers, withdrawing cash, obtaining cashier’s checks, and by writing checks to other individuals and entities — all in a bid to hide the true ownership and source of the funds. 

Simon-Ebo is charged with three wire fraud counts involving $6,343,533.10 of victim funds allegedly wired to accounts controlled by his conspirators.

Aliyu — who is also known as “Old Soldier” and “Ghost,” according to the indictment — is charged over a $350,000 wire transfer from a Bank of America drop account located in Maryland to a bank account he is said to control in South Africa.

If convicted, the men each face a maximum sentence of 20 years in federal prison for the wire fraud conspiracy and money laundering conspiracy charges, and for each count of wire fraud. 

Aliyu also faces a maximum of 20 years in federal prison for money laundering.

Simon Hendery

Simon Hendery is a freelance IT consultant specializing in security, compliance, and enterprise workflows. With a background in technology journalism and marketing, he is a passionate storyteller who loves researching and sharing the latest industry developments.