Nigerian entrepreneur Obinwanne Okeke has been jailed for reportedly organizing a global spear-phishing and email phishing campaign that cost victims more than $11 million in losses.
The campaign, which lasted from 2015 to 2019, targeted Unatrac Ltd with phony invoices and wire transfer requests. Unatrac is a British organization that serves as the export sales office for Caterpillar.
According to the court documents, once the agency raised warnings about email compromise activity, the FBI's cybersecurity cell began investigating the alleged fraud in 2018.
According to the FBI's press report on the issue, the phishing campaign collected the credentials of hundreds of victims over the period it operated.
What BEC is:
This type of cyberattack is known as a BEC attack, i.e. a Business Email Compromise. A BEC attack is an email phishing attack that typically begins with a malicious actor spoofing emails to pose as an organization's representative or an associated vendor. Once the impersonation succeeds, the attacker requests a legitimate-looking business payment. The phishing email appears authentic and seems to come from a known authority figure, so the employee complies.
While some BEC attacks make use of malware, many rely on social engineering techniques, against which antivirus, spam filters, and email whitelisting are ineffective.
This specific cyberattack involved stealing the genuine credentials of one influential individual and exploiting them to steal large amounts of resources.
Massive victim losses:
According to an FBI affidavit, Okeke and his alleged accomplices sent Unatrac's CFO a phishing email containing a phony login link for his Microsoft Office365 email account, where he then entered his credentials.
After the malicious actors stole the CFO's credentials and gained unauthorized access to his account, they sent counterfeit money transfer requests to Unatrac's financial office, attaching receipts, logos, and invoice templates found in the CFO's email account.
They also changed the filter settings on the CFO's email account so that he would not see the emails being sent or received and would remain unaware that the scammers were impersonating him.
After filing for a search warrant, the FBI worked in coordination with Google to obtain information about an email account to which the scammers had forwarded the data.
It was then discovered that the scammers had allegedly been running other schemes, including computer intrusion, trafficking in stolen credentials and passwords, and conspiracies to extort money through illegal wire transfers. The FBI also found records of stolen email account passwords and copies of passports and driver's licenses.
Total victim losses were reported to be around $11M in extorted money.
Microsoft, which the scammers allegedly took advantage of in this email phishing campaign, is one of the top brands that scammers mimic when running credential-stealing campaigns.
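The filter tampering on the CFO's mailbox and the forwarding to an outside account described above are both mailbox changes a defender can review for. The following is an added example, not taken from the FBI documents or the original article: it scores constructed mailbox-rule records, and the record fields, folder list, keyword list and domain names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# All names and values are constructed for illustration; the record fields
# are an assumed, simplified schema, not a real mail platform's audit format.
ORG_DOMAINS = {"example-corp.test"}
HIDE_FOLDERS = {"rss feeds", "deleted items", "junk email", "conversation history"}
FINANCE_WORDS = {"invoice", "payment", "wire", "transfer", "bank"}

@dataclass
class RuleChange:
    mailbox: str
    rule_name: str
    delete: bool = False
    mark_read: bool = False
    move_to: str = ""
    forward_to: list = field(default_factory=list)
    keywords: list = field(default_factory=list)

def review_reasons(rc):
    """Return the reasons a mailbox-rule change should go to an analyst."""
    reasons = []
    if rc.delete:
        reasons.append("deletes matching mail")
    if rc.move_to.lower() in HIDE_FOLDERS:
        reasons.append("moves mail to rarely read folder: " + rc.move_to)
    if rc.mark_read and (rc.delete or rc.move_to):
        reasons.append("marks hidden mail as read")
    external = [a for a in rc.forward_to
                if a.rsplit("@", 1)[-1].lower() not in ORG_DOMAINS]
    if external:
        reasons.append("forwards to external address: " + ", ".join(external))
    hits = sorted(FINANCE_WORDS & {k.lower() for k in rc.keywords})
    if hits and reasons:  # keywords alone are not suspicious
        reasons.append("scoped to finance keywords: " + ", ".join(hits))
    return reasons

def triage(changes):
    """Map rule name -> reasons, keeping only rules with at least one reason."""
    flagged = {}
    for rc in changes:
        reasons = review_reasons(rc)
        if reasons:
            flagged[rc.rule_name] = reasons
    return flagged

SAMPLE = [  # constructed records
    RuleChange("cfo@example-corp.test", "r1", mark_read=True,
               move_to="RSS Feeds", keywords=["Invoice", "wire"]),
    RuleChange("cfo@example-corp.test", "r2", forward_to=["drop@mail.example"]),
    RuleChange("cfo@example-corp.test", "newsletters", move_to="Reading"),
]
```

Calling triage(SAMPLE) flags the hide-and-mark-read rule and the external forward, and leaves the ordinary newsletter rule alone.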