A Nigerian national, Obinwanne Okeke, has been sentenced to 10 years in prison for allegedly coordinating an international spearphishing campaign that cost victims approximately $11 million.
The scheme, which lasted from 2015 to 2019, targeted Unatrac Holding Limited, a British firm that acted as the export sales office for Caterpillar, with fake invoices and wire transfer requests. The FBI opened an investigation into the alleged scam in 2018 after Unatrac raised alarm about an email compromise operation that had targeted the firm, according to court documents.
The scheme collected the credentials of hundreds of victims over the course of the operation, according to the FBI press release on the matter.
It’s the kind of business email compromise (BEC) scam that plagues businesses around the world. BEC scams caused $1.7 billion in losses in 2019 alone, the most recent year for which the FBI has published data, according to the FBI’s Internet Crime Complaint Center.
Okeke and his alleged co-conspirators sent Unatrac’s chief financial officer a phishing email with a link to a fake login page for his Microsoft Office 365 email account, where he then entered his credentials, according to an FBI affidavit.
After the scammers had access to the CFO’s account, they sent fraudulent wire transfer requests to Unatrac’s financial department, with attached invoices, logos and invoice templates they found in the CFO’s email account.
They also controlled the email filters in the CFO’s account so he wouldn’t easily be able to see the emails sent or received while the scammers impersonated him.
After obtaining a search warrant, the FBI worked with Google to obtain information about an email account that the scammers sent information to, and uncovered that it had been used to run other alleged scams, including computer intrusion, trafficking in stolen identities and passwords, and conspiracies to obtain money through fraudulent wire transfers, according to the affidavit. The FBI also found records of stolen email account passwords and copies of passports and driver’s licenses that appeared to have been stolen.
Microsoft, which the attackers allegedly leveraged in this operation, is one of the top brands that scammers imitate when running credential-stealing operations using typo-squatting, according to research published last fall by Palo Alto Networks.