Three Nigerian nationals extradited to the US face cyber fraud charges

Three Nigerian nationals have been extradited from the UK to the US following their alleged participation in multimillion-dollar cyber-enabled business email compromise (BEC) fraud schemes. The scams allegedly perpetrated by the defendants and their co-conspirators targeted unsuspecting victims, including universities in Texas, North Carolina, and Virginia.

According to allegations, from August 2016 to January 2017, the defendants and their co-conspirators sought to obtain information about significant construction projects across the US. The defendants allegedly registered domain names similar to the legitimate construction companies in charge of the projects and created email addresses that closely resembled an employee’s. 

Using the fake email addresses, the coconspirators allegedly deceived the universities and Texan local government entities into wiring payments of more than $5 million. The defendants then laundered the stolen proceeds upon receiving the payments through financial transactions designed to conceal the fraud.

According to a statement issued by the US Attorney General’s Office for the Southern District of New York, the individuals are charged with money laundering conspiracy, wire fraud conspiracy, and aggravated identity theft. The defendants face up to 20 years in prison if found guilty of the charge.

BEC fraud scheme

BEC fraud schemes, also known as “cyber-enabled financial fraud,” are scams that often target employees with access to company finances, businesses working with foreign suppliers, and firms that regularly perform wire transfer payments. 

The same criminal organizations that perpetrate BEC also exploit individual victims, often real estate purchasers, the elderly, and others, by convincing them to make wire transfers to bank accounts controlled by the criminals. This is usually accomplished by impersonating a key employee or business partner after obtaining access to that person’s email account or sometimes done through romance and lottery scams. 

Cyber-enabled crime trends

On June 30, 2021, the Financial Crimes Enforcement Network (FinCEN) published the first US government-wide list of national priorities for anti-money laundering and counter-terrorism financing (AML/CFT) and the Bank Secrecy Act (BSA). In this list, combatting fraud is highlighted as a priority because crimes that involve fraud generate the most significant volume of illegal proceeds. FinCEN highlighted BEC fraud schemes, noting they “were among a growing trend of cyber-enabled crime, with 32,000 reported cases involving almost $9 billion in attempted theft… affecting US financial institutions and their customers.”

Earlier this year, the FBI issued a public service announcement (PSA) sharing updated statistics on BEC attacks using social engineering and advanced phishing techniques. 

Key takeaways

A risk-based approach built around customer profiles, security, and payment flows, is key to a robust payment fraud risk-mitigation program – alongside employee and customer awareness of red flags. 

To stay protected from BEC fraud, the FBI advises firms to be aware of the following red flags:

• Unexplained urgency
• Last-minute changes in wire instructions or recipient account information
• Last-minute changes in established communication platforms or email account addresses
• Communications only in email and refusal to communicate via telephone or online voice or video platforms
• Requests for advanced payment of services when not previously required
• Requests from employees to change direct deposit information