Massive BEC Scheme Run by Nigerian National Dismantled by FBI

A Nigerian national faces charges in the United States emanating from various cybercrime schemes that included business email compromise (BEC) frauds and a number of other alleged infractions.

DevOps Connect:DevSecOps @ RSAC 2022

Ramon Olorunwa Abbas, 37, a.k.a. “Ray Hushpuppi” and “Hush,” is a Nigerian national and Dubai resident accused of involvement in a few major BEC schemes that affected a U.S. law firm, a foreign bank and an English Premier League soccer club.

In BEC attacks, bad actors use real credentials for legitimate emails and trick third parties into making wire transfers. In many cases, communications come from high up the hierarchical ladder, and employees skip the usual security measures.

Abbas was arrested in the United Arab Emirates, with the FBI’s help, and now faces charges after being expelled to The United States.

“The affidavit alleges that Abbas and others committed a BEC scheme that defrauded a client of a New York-based law firm out of approximately $922,857 in October 2019,” states the press release from the Department of Defense.

“Abbas and co-conspirators allegedly tricked one of the law firm’s paralegals into wiring money intended for the client’s real estate refinancing to a bank account that was controlled by Abbas and the co-conspirators.”

Abbas is also accused of conspiring to launder funds stolen in a $14.7 million cyber-heist from a foreign financial institution in February 2019. He was also targeting an English Premier League soccer club to steal $124 million.

The prosecutors say that, if convicted of conspiracy to engage in money laundering, Abbas would face a statutory maximum sentence of 20 years in federal prison.

BEC schemes are one of the most damaging cybercrimes, and one reason is that criminals don’t need much technical expertise to pull it off. It’s a lot different from breaching corporate infrastructure, for example.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Silviu STAHIE. Read the original post at: