In a significant cybersecurity development, Ghanaian authorities apprehended Nigerian hacker Olusegun Samson Adejorin on December 29 for masterminding a $7.5 million business email compromise (BEC) attack on two charitable organizations in Maryland and New York. The U.S. Department of Justice revealed an eight-count federal grand jury indictment, outlining charges of wire fraud, aggravated identity theft, and unauthorized access to a protected computer.
Between June and August 2020, Adejorin executed a sophisticated scheme involving unauthorized access to email accounts and impersonation of employees. Posing as an employee of one charity, he manipulated the other into making substantial fund withdrawals, utilizing stolen credentials and clever tactics to disguise fraudulent activities. The hacker successfully diverted $7.5 million to accounts under his control, leaving the targeted organizations unaware of the deceit.
Facing charges with severe penalties, Adejorin may receive a maximum of 20 years for wire fraud, five years for unauthorized access to a protected computer, and a mandatory two-year sentence for aggravated identity theft. The U.S. DoJ emphasizes the potential extension of the sentence by seven years for malicious registration and use of a domain name. This arrest sheds light on the persistent threat of BEC attacks, prompting organizations to reinforce their cybersecurity defenses with measures like multi-factor authentication, email filtering, and verification procedures for sensitive transactions.
Reference:
