Nigerian National Arrested in BEC Scheme

Olusegun Samson Adejorin, a Nigerian national, was apprehended in Ghana in connection with a Business Email Compromise (BEC) scheme. The allegations against the accused involve defrauding two US-based charitable organizations.

Adejorin was arrested in Ghana on December 29, 2023. He is facing charges in the US for his role in a BEC fraud involving American charitable organizations. The indictment states that Adejorin engaged in illegal activities between June and August 2020, targeting one charity in North Bethesda, Maryland, and another in New York, New York.

Stolen Employee Credentials

The accused allegedly obtained the credentials of employees from both organizations. He did this by nefariously accessing their email accounts and then impersonating these employees. Using these identities, Adejorin deceitfully requested monetary transfers from the other charity, effectively pitting the organizations against each other.

Fraudulent Requests for Upwards of $7.5 million

The indictment alleges further that Adejorin made fraudulent requests for more than $7.5 million. This substantial sum was meant to be transferred to bank accounts under his control, thereby misappropriating funds intended for charitable activities.

Used Credential Harvesting Tool for Identity Theft

In a detailed modus operandi, Adejorin is alleged to have used a credential harvesting tool to steal employee credentials. In addition, he registered domain names that spoofed legitimate websites, thereby fooling unsuspecting victims. To further conceal his tracks, the accused moved fraudulent emails to an obscure location within an employee's mailbox. This method ensured the fraudulent activities were hidden from the immediate view of the victims.

Criminal Charges and Arrest Details

Adejorin's arrest was made in Ghana, signaling the international collaboration of law enforcement agencies in curbing internet-themed crimes. His illicit activities purportedly spanned between June and August 2020, during which he orchestrated a complex scheme targeting two charitable organizations based in the United States. This large-scale scam eventually led to his capture by Ghanaian authorities at the close of 2023.

Charged with Wire Fraud, Unauthorized Access to a Protected Computer, and Aggravated Identity Theft

In connection with the BEC scheme, Adejorin was slapped with several charges brought by the United States. These charges include five counts of wire fraud, one count of unauthorized access to a protected computer, and two counts of aggravated identity theft. These serious charges are expected to carry a penalty of over twenty years in prison if Adejorin is found guilty. His shady conduct rests on stealing and using employees' login credentials from victimized companies, registering spoofed domain names, and concealing his fraudulent activities via email.

Awaiting Court Appearance in Ghana

Following his arrest, Adejorin awaits his initial court appearance in Ghana. The country's judiciary is expected to determine the next course of action concerning his charges. His arrest and subsequent trial are a testament to the international cooperation between countries in handling such cybersecurity crimes, especially involving multi-million dollar scams.

Mechanism of the BEC Scheme

The strategy operatives like Olusegun Samson Adejorin use to carry out Business Email Compromise (BEC) schemes is multi-faceted. By focusing on email fraud and credential theft, they gain unauthorized access to vital information. By duping legitimate users or directly stealing these credentials using specialized tools, they can access protected systems and commence their nefarious activities.

Involved Email Fraud and Credential Theft

The primary technique used in business email compromise scams hinges on email fraud and the theft of credentials. The fraudster acquires the login details of unsuspecting employees from victim companies by unlawful means. This unauthorized access allows the attacker to operate within the organization's system under a fallacious identity, granting them access to internal information, especially those related to financial transactions. Email accounts that interface frequently with large sums of money are the primary targets.

Registered Domains that Mimicked Legitimate Websites

As part of the ploy, Adejorin and fraudsters alike often register spoofed domain names. These spoofed domains closely resemble the web addresses of legitimate websites related to the targeted organization, making it hard for recipients of their communication to suspect foul play. Due to the reliable appearance of these domains, Adejorin could successfully deceive his targets, tricking them into believing that they were carrying out transactions with legitimate partners.

Hidden Fraudulent Emails in Obscure Locations in User's Mailbox

To ensure the longevity of the fraud, scammers often hide the evidence of their illegitimate activities. This tactic involves moving fraudulent emails to unnoticeable areas within the employee's mailbox. By doing this, they ensure that these emails avoid immediate detection, thus allowing the fraudulent activities to continue for longer periods. This combination of sophisticated mechanisms underlines the complexity of a conventional BEC scheme and highlights the challenges organizations face when dealing with this form of cyber threat.

Emergence of New Communication Channels for BEC Scammers

While the traditional method of perpetrating business email compromise (BEC) schemes revolved largely around the use of manipulated emails, it has been reported that fraudsters are becoming ever more innovative, employing an array of new communication channels. As the landscape for these scams evolves, so must the strategies for combating them. Graduate Cyber CEO Chris Lehman emphasizes the need for organizations to reinforce their security defenses across all communication channels.

Use of SMS, WhatsApp, Signal, Social Media, and Other Workplace Messaging Apps

Recently, BEC perpetrators have expanded their toolkit to include more direct and instantaneous modes of communication such as SMS, WhatsApp, Signal, social media platforms, and workplace messaging apps like Slack or Microsoft Teams. Such platforms provide the scammers with additional access points to potential victims. Fraudsters use these channels to impersonate partners, superiors, or other trusted organizations, requesting monetary transfers or sensitive information. As these communication modes often seem more personal or immediate than email, they can create an increased sense of urgency or legitimacy, often tricking the receiver into complying with the requests.

Need for Fortified Security Defenses Across All Channels 

BEC scams' pervasive and evolving threat calls for adaptive and fortified security defenses. SafeGuard Cyber CEO Chris Lehman emphasizes the importance of stringent security measures across all communication channels. Lehman suggests that this rising trend should signal organizations to preemptively safeguard each communication platform, from emails to messaging apps. This broadened security frontier is especially needed in a time where BEC fraud does not only target corporate businesses but has also expanded its reach to charities, federal funding programs, and more. Hence, adequate and up-to-date security mechanisms are necessary to fortify organizations against such pervasive and adaptive threats.

Technical Details

Visual & GUI Characteristics