Onwuchekwa Nnanna Kalu, a Nigerian National from Rivers State, pleaded guilty to orchestrating a sophisticated business email compromise (BEC) scam that targeted an investment firm in Boston, resulting in the theft of $1.25 million.
The guilty plea was announced by U.S. Attorney Matthew M. Graves and Acting Special Agent in Charge David Geist of the FBI Washington Field Office’s Criminal and Cyber Division. Kalu, who was arrested in 2022, admitted to diverting funds to overseas bank accounts through the use of malicious tactics.
Kalu’s guilty plea centers around his involvement in a BEC scheme that combined computer intrusion methods and social engineering. The scam targeted an investment firm located in Massachusetts, which had investments spanning North America, Europe, and Israel.
Court documents reveal that Kalu and his co-conspirators gained unauthorized access to an employee’s email account and planted malware to intercept communication related to financial transactions. By exploiting this access, they created spoofed emails to misdirect wire transfers, resulting in the diversion of $1.25 million from the victim company’s bank account to offshore accounts under their control.
U.S. Attorney Graves emphasized the havoc wreaked by BEC schemes on various entities and urged due diligence in scrutinizing email communications to prevent falling victim to such scams. The case underscores the FBI’s commitment to prosecuting cybercriminals operating globally. The guilty plea stands as a warning to both businesses about the perils of email spoofing and to cybercriminals that law enforcement will relentlessly pursue those engaged in such activities.
