Nigerian national Kosi Goodness Simon-Ebo, aged 29, was deported from Canada to the United States in April. He has now pled guilty to wire fraud and money laundering, both of which are connected to business email compromise (BEC).
In 2017, while in South Africa, Simon-Ebo openly confessed to collaborating with individuals in the United States. Their plan was to organise a scheme and compromise the security of both company and staff email accounts. This scheme’s overall planned losses were close to $7 million.
Simon-Ebo admitted publicly in court. He said that he gained unauthorised access to the email accounts of specific persons and organisations. Additionally, he admitted to planning a strategy that involved sending fake email messages from bogus accounts, with the aim of tricking people into sending money via wire transfer to bank accounts controlled by Simon-Ebo and his associates.
Following that, the fraudsters transferred the funds to several accounts, further concealing the money’s trace. This complex procedure resulted in cash withdrawals. Additionally, as part of their plan, the money launderers paid different people and companies with cashier’s checks, making it more difficult to determine the true source of the money.
According to US Department of Justice (DOJ):
The intended loss for transactions in which Simon-Ebo was directly involved—which were some, but not all of the transactions involving Simon-Ebo and his co-conspirators—was approximately $6,988,249, and the actual loss resulting from these transactions was at least $1,072,306.
Court has scheduled Simon-Ebo’s punishment for November 29th. His involvement in wire fraud and money laundering schemes might result in a maximum jail term of 20 years.
In addition, as part of his sentence, he will be required to pay settlements in the amount of $1,072,306, which is equal to the whole losses experienced by the victims.
BEC is still a top option for cybercriminals wanting to make money. According to FBI report, it ranked second among cybercrime categories the previous year, collecting almost $2.7 billion. This highlights its persistent attractiveness to cybercriminals seeking fraudulent financial advantage.
According to Verizon’s assessment as of June 2023, the number of BEC assaults had significantly increased for the year, nearly tripling. These attacks frequently start from compromised email addresses.
The FBI issued an alert in March 2023, warning to a change in strategy among BEC scammers. Their new focus is valuable assets like hardware, building supplies, and solar products, moving beyond mere financial gains. This adaption illustrates how the BEC threat environment is always changing.
US Attorney for the District of Columbia Mr. Matthew M. Graves said:
Business email compromise schemes wreak havoc on companies, governments and other institutions. The best way to thwart a BEC scheme is due diligence. Check and double-check the email address before responding with any information that could put you or your employer at risk. Once a breach is identified, we will do everything in our power to identify, arrest and prosecute the perpetrators no matter where they hide.
The FBI has the authority to recover money taken in BEC attacks if the victim promptly informs both the relevant financial institution and the FBI’s Internet Crime Complaint Centre. In 2022, the FBI’s Rapid Action Team achieved notable success, initiating a financial fraud prevention process for 2,838 BEC allegations involving domestic-to-domestic transactions totaling $590 million.
As a result, they were able to effectively recover around $433 million in stolen assets. This highlights the necessity of timely reporting and the FBI’s efforts to stop BEC scams.
Help your colleagues keep a security-first mindset and boost your human firewall by starting your Phishing Tackle security awareness training today with our two-week free trial.