80 Indicted for Scams, Including Business Email CompromisesIndictment Describes Fraud Schemes Involving Theft of Millions
Eighty suspects, most of them Nigerian nationals, have been indicted on charges of running global business email compromise and romance scams that led to millions of dollars in fraud and allegedly involved a complex money-laundering operation, according to the U.S. Department of Justice.
See Also: 2021: A Cybersecurity Odyssey
The 252-count indictment, revealed Thursday, also describes others crimes that targeted the elderly, according to the U.S. Attorney's Office for the Central District of California, which is overseeing the case along FBI agents in Los Angeles and elsewhere.
Happening Now. @USAttyHanna @FBILosAngeles @LASDHQ @LADAOffice announce Massive International Fraud and Money Laundering Conspiracy Detailed in Federal Grand Jury Indictment that Charges 80 Defendants pic.twitter.com/TUwi3Zbyh4— US Attorney L.A. (@USAO_LosAngeles) August 22, 2019
So far, the FBI has arrested 14 of the suspects, including 11 who were either living or working in the Los Angeles area. Others charged in the indictment remain at large, possibly living overseas, according to federal prosecutors.
The FBI issued some of the first search warrants related to this case in 2017, authorities say.
Law enforcement officials allege that two of those arrested, Valentine Iro, 31, and Chukwudi Christogunus Igbokwe, 38, who are both Nigerian citizens, helped coordinate banking and other money services for the scammer group. Once money was stolen from the victims, it was sent to Iro and Igbokwe in the U.S., who would then launder it, prosecutors allege.
Iro and Igbokwe, who are in federal custody, were involved in the laundering of at least $6 million, according to the indictment. Prosecutors believe that this group of scammers may have taken an additional $40 million from victims around the world that included businesses, law firms as well as individuals.
Each of the 80 suspects indicted Thursday faces charges of conspiracy to commit fraud, conspiracy to launder money and aggravated identity theft. Several of the defendants named in the indictment face additional charges of fraud and money laundering.
BEC: A Growing Concern
This is the second large-scale business email compromise scam that has come to light in the last several weeks.
Earlier this month, FBI agents arrested a Nigerian businessman for allegedly helping to carry out an $11 million business email compromise scheme that targeted a U.K. affiliate of U.S. heavy equipment manufacturer Caterpillar (see: FBI Arrests Nigerian Suspect in $11 Million BEC Scheme).
Over the last year, law enforcement has been warning companies and individuals about business email compromise schemes, which are also called CEO fraud.
These schemes often start with attackers stealing the email credentials of a top executive through phishing or other methods. Then they impersonate that executive, sending urgent messages to lower-level employees to transfer or wire money to bank accounts. In other cases, the attackers spoof a company's business partner.
A recent report from the U.S. Treasury Department found that business email compromise scams are surging, costing U.S. companies a total of more than $300 million a month (see: BEC Scams Cost U.S. Companies $300 Million Per Month: Study).
Chris Dawson, the threat intelligence lead at security firm Proofpoint, tells Information Security Media Group that even through law enforcement and businesses have woken up to the dangers of BEC scams, they are becoming much more prevalent.
"Unfortunately, given the overall success rate and low cost of executing email fraud attacks, it is likely that organizations are only seeing the tip of the iceberg in terms of both direct and indirect damages resulting from these types of attacks, which continue to scale and evolve," Dawson says. "These indictments also underscore the truly global nature of cybercrime - the only thing these criminals needed to initially reach their intended victims was an internet connection."
Thursday's indictment alleges that the scammers either hacked directly into the email systems of businesses or individuals they were targeting or attempted to intercept the emails and communications of a third party involved with the victims.
Vast Money Laundering
The court documents describe in great detail how the suspects allegedly moved money from one country to another to cover their tracks.
The indictment outlines how money allegedly was moved around banks in the U.S., Europe and parts of Africa and Asia. Some transactions were for as little as $10,000, with other transactions totaling $500,000 or more, the indictment states.
Iro and Igbokwe helped coordinate the transfer of victims' money from fraudulent bank accounts that they controlled to various U.S. bank accounts belonging to them and finally to illicit money exchangers, who would help launder the funds, prosecutors allege.
In several of the business email compromise schemes, Iro, Igbokwe and other fraudsters would use "money mules" to create fake accounts where money from businesses would be transferred, prosecutors allege. In other cases, these scammers allegedly created fake businesses that mirrored the names of legitimate businesses to make the transactions seem more real, authorities say.