A 29-year-old Nigerian man extradited from Canada has pleaded guilty to wire fraud and money laundering connected to a business email compromise (BEC) scam based in South Africa.
Kosi Goodness Simon-Ebo admitted to compromising business accounts in 2017 to spoof emails and divert large payments. The scammers targeted U.S. companies and made off with over $1 million.
How the International BEC Scheme Worked
Simon-Ebo and co-conspirators accessed employee accounts to send emails with altered sender details. The messages contained wiring instructions for payments to accounts controlled by the scammers.
They would quickly move the stolen funds through various accounts internationally to obscure the trail. Cashier’s checks cashed by money mules helped further layer the transactions.
“The intended loss for transactions in which Simon-Ebo was directly involved—which were some, but not all of the transactions involving Simon-Ebo and his co-conspirators—was approximately $6,988,249, and the actual loss resulting from these transactions was at least $1,072,306,” explains the U.S. DoJ.
Out of nearly $7 million attempted, the scammers successfully pocketed around $1.07 million from victims. Simon-Ebo was extradited to face charges in Maryland and agreed to forfeit the full amount.
BEC Scams Cause Billions in Losses for Businesses
A BEC scam involves social engineering attacks that divert authorized payments from companies, often using compromised email accounts. They have exploded into a multi-billion dollar global epidemic.
The FBI received nearly 20,000 BEC-related complaints in 2021 with adjusted losses of approximately $2.4 billion. Verizon estimates BEC attacks have doubled in 2022 compared to last year.
Also in March, a report from Microsoft warned about the speed of BEC attacks, explaining that the entire process between compromising email credentials, registering typo-squatting domains, and hijacking existing email threats only takes a couple of hours.
BEC tactics have also diversified beyond targeting money to now hijacking valuable inventory like tech products. Speed is critical, with an entire BEC scam completed in just hours in many cases.
The case illustrates the global coordination involved in sweeping BEC campaigns that law enforcement worldwide continues working urgently to disrupt. But billions in losses annually show firms must also prioritize email security and payment verification.