Nigerian National Arrested for Stealing $7.5 Million from Charities

Authorities recently arrested Olusegun Samson Adejorin, a Nigerian hacker in Ghana, in connection to a fraud case that left a US charity short of $7.5 million.

The suspect, who was arrested on December 29, faces accusations of business email compromise (BEC) attacks, aggravated identity theft, wire fraud, and unauthorized access to a protected computer.

Stolen Credentials and Employee Impersonation

According to the US Department of Justice’s announcement, Adejorin defrauded two US charitable organizations, from Maryland and New York, between June and August 2020 by combining employee impersonation techniques and unauthorized access to email accounts.

The accused posed as an employee of one charity and requested large fund withdrawals from the other, which provided investment services to the former. Adejorin used stolen credentials to bypass rules that required approvals from authorized individuals for withdrawals exceeding $10,000, posing as employees from both organizations and sending emails from their accounts.

$7.5 Million Siphoned

“As part of the scheme, Adejorin also allegedly purchased a credential harvesting tool designed to steal email login credentials, registered spoofed domain names, and concealed the fraudulent emails from a legitimate employee by causing the fraudulent emails to be moved to an inconspicuous location within Employee 1’s mailbox,” the Department of Justice said.

The persuasive scam tricked the first victim into transferring no less than $7.5 million to attacker-owned bank accounts believed to belong to the other victim.

If found guilty, Adejorin could face up to 20 years for each of five counts of wire fraud, five years for unauthorized access to a protected computer, and two years in federal prison for each of the two counts of aggravated identity theft. According to the DoJ, the sentence could increase by seven years for “knowingly falsely registering and using a domain name.”

Scams: A Danger for Both Organizations and Individuals

Although Adejorin’s $7.5 million fraud impacted organizations, it’s important to remember that similar scams can also profoundly impact individuals. While individuals may not face financial losses as significant as $7.5 million, the relative effect on their personal finances and well-being can be just as damaging, if not more so.

Whether aimed at large entities or individuals, these scams demonstrate the far-reaching, potentially devastating consequences of such deceptive practices and the lack of proper defenses against them.

Protecting Against Online Fraud

Specialized services can help you keep a close eye on your digital footprint, manage and store credentials securely, and keep safe against all kinds of digital threats.

• Bitdefender Digital Identity Protection – Helps you manage your digital footprint to prevent leaked credentials from being stolen and exploited in similar attacks.
• Bitdefender Password Manager – Create, store and manage unique passwords for your online accounts to prevent tactics like credential stuffing or dictionary attacks from compromising your online identity.
• Bitdefender Ultimate Security – Comprehensive, 24/7 monitoring and protection against phishing attacks, scam emails, viruses, Trojans, spyware, ransomware, zero-day exploits, rootkits, and other digital threats.