A Nigerian national is facing an eight-count indictment related to business email compromise (BEC) charges involving two US charities, after being arrested in Ghana.
Olusegun Samson Adejorin has been charged with wire fraud, aggravated identity theft and unauthorized access to a protected computer, after stealing $7.5m from a New York-based charity.
He’s said to have purchased a credential harvesting tool in order to steal email login credentials from employees at this charity and a second charitable organization that provided investment services to it, based in North Bethesda, Maryland.
Adejorin then allegedly posed as an employee of the New York charity to request the second organization withdraw funds and send them to an account under his control.
Read more on BEC: BEC Attacks Surge 81% in 2022
Although withdrawals of this nature over $10,000 required approval from at least one of several individuals authorized by the Maryland investment services charity, he still managed to persuade it to transfer millions of dollars in this way.
Adejorin allegedly used classic BEC techniques including registering spoofed domain names and concealing fraudulent emails by moving them to “an inconspicuous location” in the mailbox, according to the US Department of Justice (DoJ).
The Nigerian is facing a maximum sentence of 20 years in federal prison for each of five counts of wire fraud, as well as a maximum of five years for unauthorized access to a protected computer and a mandatory two-year sentence for each of the two counts of aggravated identity theft.
After being arrested in Ghana on December 29 2023, Adejorin is being detained pending a first court appearance in the West African nation. It’s unclear how long extradition will take, although the country has a strong diplomatic relationship with the US.
BEC was the second highest grossing cybercrime type of 2022, amassing over $2.7bn for fraudsters, according to the FBI.