Authorities have arrested a Nigerian mastermind scammer for leading an international criminal network's efforts to steal $60 million from its victims. INTERPOL arrested the 40-year-old Nigerian national, known as "Mike," in June 2016 after law enforcement officers received a report containing actionable intelligence from Trend Micro, a strategic partner at the INTERPOL Global Complex for Innovation (IGCI) in Singapore. That report ultimately led authorities to locate Mike in Nigeria via the cooperation of the the Nigerian Economic and Financial Crime Commission (EFCC).
According to a statement released by INTERPOL, the scammer headed a network of at least 40 individuals based in Nigeria, Malaysia, and South Africa who provided him with malware. He also had money laundering contacts in China, Europe, and the United States who controlled bank accounts to facilitate the flow of cash stolen via the scams. Mike's network engaged in two types of scams. The first was payment diversion fraud, or a ploy by which attackers compromise a supplier's email and instruct another company to submit a payment to a bank account under their control. The second was CEO fraud, where attackers compromise the email account of a high-ranking executive and use it to trick an employee into authorizing a fraudulent wire transfer to a bank account under their control. CEO fraud is a form of business email compromise (BEC), a type of scam which cost an American corporation close to $100 million in the summer of 2015. Globally, BEC scams have robbed more than 22,000 companies of $3.1 billion. Noboru Nakatani, Executive Director of the IGCI, hopes Mike's arrest will help alert the private sector to the dangers of BEC scams:
"The public, and especially businesses, need to be alert to this type of cyber-enabled fraud. Basic security protocols such as two-factor authentication and verification by other means before making a money transfer are essential to reduce the risk of falling victim to these scams. It is exactly through this type of public and private sector cooperation that INTERPOL will continue to help member countries in bringing cybercriminals to justice no matter where they are."
Mike's network compromised small- and mid-sized businesses based in the United States, South Africa, Thailand, and elsewhere. Their efforts netted $60 million, including $15.4 million from just one victim company. For more information on BEC scams, please see the FBI's alert on the threat here.
