Three Nigerian nationals have been extradited from the UK to the US after allegedly participating in business email compromise (BEC) attacks that attempted to steal millions from American organizations, including universities.
The alleged crimes cover jurisdictions in North Carolina, Texas and Virginia. They relate to Oludayo Kolawole John Adeagbo (aka John Edwards and John Dayo), 43, a Nigerian citizen and UK resident; Donald Ikenna Echeazu (aka Donald Smith and Donald Dodient), 40, a dual UK and Nigerian citizen; and Olabanji Egbinola, 42.
In North Carolina, Adeagbo and Echeazu allegedly conspired with others on a classic BEC scheme in which they spoofed the domain of a construction company and then sent fake invoices to a local university.
They tricked the university into wiring $1.9m in funds, which they then laundered “through a series of financial transactions,” according to the Department of Justice (DoJ).
In the Southern District of Texas, Adeagbo allegedly conspired with others to steal $3m from local organizations including construction companies, local government entities and a Houston-area college.
“The indictment alleges Adeagbo and his co-conspirators registered domain names that looked similar to legitimate companies. They then sent emails from those domains pretending to be employees at those companies, according to the charges,” the DoJ said.
“The conspirators allegedly sent emails to clients or customers of the companies they impersonated and deceived those customers into sending wire payments to bank accounts they controlled.”
Finally, in the Eastern District of Virginia, Egbinola is said to have worked with others to create a fake email account for a construction company which had a large contract with a local university.
They used this to trick the victim organization into wiring almost $500,000, which was quickly laundered overseas, the DoJ said.
Many of the crimes date back to 2016. The three were arrested in the UK in 2020 and their final appeals against extradition were rejected by the UK High Court on July 12 2022.
BEC is the biggest money-maker of any cybercrime activity, netting criminals almost $2.4bn last year. That’s over a third (35%) of total cybercrime losses reported to the FBI in 2021.