Authorities recently arrested Olusegun Samson Adejorin, a Nigerian hacker in Ghana, in connection to a fraud case that left a US charity short of $7.5 million.
The suspect, who was arrested on December 29, faces accusations of business email compromise (BEC) attacks, aggravated identity theft, wire fraud, and unauthorized access to a protected computer.
According to the US Department of Justice’s announcement, Adejorin defrauded two US charitable organizations, from Maryland and New York, between June and August 2020 by combining employee impersonation techniques and unauthorized access to email accounts.
The accused posed as an employee of one charity and requested large fund withdrawals from the other, which provided investment services to the former. Adejorin used stolen credentials to bypass rules that required approvals from authorized individuals for withdrawals exceeding $10,000, posing as employees from both organizations and sending emails from their accounts.
“As part of the scheme, Adejorin also allegedly purchased a credential harvesting tool designed to steal email login credentials, registered spoofed domain names, and concealed the fraudulent emails from a legitimate employee by causing the fraudulent emails to be moved to an inconspicuous location within Employee 1’s mailbox,” the Department of Justice said.
The persuasive scam tricked the first victim into transferring no less than $7.5 million to attacker-owned bank accounts believed to belong to the other victim.
If found guilty, Adejorin could face up to 20 years for each of five counts of wire fraud, five years for unauthorized access to a protected computer, and two years in federal prison for each of the two counts of aggravated identity theft. According to the DoJ, the sentence could increase by seven years for “knowingly falsely registering and using a domain name.”
Although Adejorin’s $7.5 million fraud impacted organizations, it’s important to remember that similar scams can also profoundly impact individuals. While individuals may not face financial losses as significant as $7.5 million, the relative effect on their personal finances and well-being can be just as damaging, if not more so.
Whether aimed at large entities or individuals, these scams demonstrate the far-reaching, potentially devastating consequences of such deceptive practices and the lack of proper defenses against them.
Specialized services can help you keep a close eye on your digital footprint, manage and store credentials securely, and keep safe against all kinds of digital threats.
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsDecember 19, 2024
November 14, 2024