US FBI indicts 6 prolific Nigerian scammers targeting Omaha businesses in Multimillion Dollar Heist

US FBI indicts 6 prolific Nigerian scammers targeting Omaha businesses in Multimillion Dollar Heist

Six Nigerian nationals have been federally indicted in Nebraska, wanted in connection with elaborate schemes targeting business executives out of millions of dollars.

The FBI announced the indictments Tuesday in Omaha. The six individuals, believed to be in Nigeria, are accused of conducting business email compromise, romance fraud, and other types of fraud, according to Special Agent Jake Foiles of the Omaha division’s Cyber Squad. 

Named in the indictments and slapped with sanctions Tuesday are Richard Uzuh, Michael Olorunyomi, Alex Ogunshakin, Felix Okpoh, Nnamdi Benson and Abiola Kayode.

All of them are Nigerian citizens and, according to wanted posters issued Tuesday, they are believed to be living in Nigeria.

Three other co-conspirators have already been arrested: two were apprehended after traveling to the U.S., and another arrested and extradited from Poland, Foiles said..

Business email compromise, or BEC, involves “tricking companies into sending fraudulent payments, either through wire transfers or ACH transfers,” Foiles said

These perpetrators focused on victimizing a larger number of people rather than going after larger payments, he said, collecting as many “smaller” wire transfers — from $50,000 to $100,000 — as they could before being detected.

Companies in Nebraska and Iowa have lost millions of dollars due to a single incident like this, he said. The U.S. Department of Treasury said Americans lost over $6 million because of these schemes. 

In this case, however, two unnamed Nebraska companies lost more than $530,000 before realizing it was a scam. According to the unsealed indictments, these schemes happened between 2015 and 2016. The companies were among more than 70 identified during the investigation. 

The Treasury Department announced sanctions on the six men, which Foiles called a “unique” deterrent, as it shows a full-government approach to fighting cyberfraud.

Federal investigators say the suspects would spoof email addresses posing as real CEOs or other business executives, directing employees to make wire transfers from business accounts.

As more people work from home during the pandemic, it makes companies more vulnerable to these sorts of scams, Foiles said. 

“We’re not seeing… people at our company as often in person,” he said, noting that workplace conversations and personal interactions might have uncovered the fraud much faster. 

Prosecutors say the six manipulated their victims in order to gain access to usernames, passwords, and bank accounts. They used social media and email to carry out the scams.

They also used romance schemes to scam money out of three Omaha residents. 

These six men face charges ranging from wire fraud and conspiracy, to identity theft, and access device fraud. Several more fraudsters are involved, Foiles said, but the FBI was able to positively ID and obtain evidence to charge six, with three others were included in the indictments. If convicted, they could face up to 20 years in federal prison and $250,000 in fines.

Such investigations start with companies coming forward to say they have encountered fraud, Foiles said. 

“A lot of companies keep this kind of thing secret,” he said.

Investigators typically collect electronic communications and work backwards from spoofed emails to the accounts perpetrators were using to collect identifying information, he said. 

Fred Haines of Wichita, Kansas, was the victim of elaborate financial schemes a decade ago and is still paying on the debt he incurred. 

While the U.S. does have an extradition treaty with the U.S., the FBI has been working with Nigerian counterparts to prosecute offenders in that country, Foiles said. 

“We would work on our investigations and submit information to the Nigerian Economic and Financial Crimes Commission, and then they would pursue their own investigations and prosecute individuals there,” he said. 

Prevention & detection

As technology has become more sophisticated, so have criminals, Foiles said. While more data and information is often available to collect, other aspects make it harder, like encryptions. 

“As our subjects continue to move to platforms that are encryption-enabled, it makes my job harder as I can’t get some of that key evidence even with a search warrant signed by a judge,” he said.

For such criminals, this sort of fraud is essentially their full-time jobs, he said. Some will even adopt U.S. business hours so that they can conduct transactions while Americans are at work.

Businesses and companies using the two most common email platforms — Office 365 or Google’s G-Suite — are most-targeted, Foiles said. 

Companies can prevent BECs by making a phone call to a coworker to verify any kind of payment or significant financial transaction. 

“(A coworker’s voice is) much more difficult to impersonate,” he said. 

Another way is to enable multi-factor authentication.

“If all organizations and companies were to enable that feature, it would greatly reduce business email compromise,” Foiles said. 

But the most nefarious attacks delay detection, like hacking into email accounts and setting up auto-forwarding, Foiles said. Someone who notices there might be unauthorized access into their account would change their password, but may not notice their account has been set up to forward to an illegitimate account. 

“So every email sent to that account could still get forwarded to the fraudster,” he said. 

The best way companies can guard against this tactic is to prohibit forwarding outside their organization, he said.

A Secret Service official last week told Congress that financial institutions believe they’ve intercepted $500 million worth of bogus claims, with Washington state’s unemployment system alone accounting for $300 million.

Two Nigerian men arrested in Massachusetts last week have been linked to at least some of that fraud, with attempted payments from both Washington and Pennsylvania unemployment systems in the names of people who told the FBI they never applied for unemployment.

Nosayamen Iyalekhue and Esogie Osawaru also stand accused of running romance schemes, using fake foreign passports to open multiple bank accounts then have the victims send money to those accounts.

In one case, the FBI says, a 64-year-old Texas woman was wooed online, then enticed into sending $125,500 over the course of a year and a half, into accounts controlled by the men. Another woman from Michigan sent more than $100,000 since 2018. Yet another woman from Alabama sent $150,000 to a man with whom she built an online romance, believing he was a member of the U.S. military.

All told, the FBI documented at least a dozen victims in court documents.

Share this post