By this point, savvy people know it’s a bad idea to trust an email from a Nigerian prince hoping to use their bank account to unload a dead relative’s vast wealth.
And they’re just as suspicious of the sudden Internet-based love interest with questionable grammar who needs a few thousand untraceable dollars to clear up a passport issue in time for a magical first date.
But in a sophisticated and terrifying evolution of the Nigerian 419 scam, web-savvy crime syndicates are figuring out ways to bilk U.S. citizens of billions.
On Monday, the FBI announced the arrest of 74 people across the world — including 29 people in Nigeria and 41 in the United States — who authorities say were part of complex international networks that combed filings by the Securities and Exchange Commission, spoofed CEO emails and successfully targeted even hardened employees whose jobs are to safeguard their companies from financial mismanagement.
The recent scams have the same DNA as the poorly worded emails that have been showing up in people’s inboxes since the 1990s. Instead of playing on hopes of finding love or lust for sudden wealth, they play on fears about missing a vital company payment or upsetting a boss’s boss.
“[Scammers] are doing their research … going onto company websites and looking for the right people,” FBI Assistant Director Scott Smith, who helped lead the investigation, told the Wall Street Journal. “They may even go as far as pulling annual reports and finding what companies they do business with and [impersonating] those accounts.”
Adeyemi Odufuye and his team, for example, sifted SEC records, company websites and other business documents, looking for the names and email addresses of chief executives, chief financial officers and controllers, court documents say.
Odufuye, who had a half dozen nicknames, including “Jefe,” the Spanish word for “chief” or “boss,” led a crew responsible for stealing $2.6 million, including $440,000 from one business in Connecticut, according to the Justice Department.
The schemes used a variety of tactics to gain people’s trust and steal their money, federal authorities say. They registered website domain names that were hard to distinguish from the companies they were targeting — impersonations meant to give emails an air of authenticity. Some of those emails arrived with malware attachments that would snap images of a victim’s desktop or transmit key log information — a hacker trick for nabbing someone’s password.
They even employed money mules whose sole purpose was to move the ill-gotten gains from account to account, authorities say, disguising the electronic paper trail from investigators.
Odufuye was extradited from Britain on Jan. 3. He pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft.
The arrests highlighted just how many people are falling for the latest iterations of the Nigerian hustle, as well as the staggering losses American businesses are accruing. According to FBI figures obtained by the Journal, victims of such scams reported $275 million in losses in 2015. By 2017, reported losses had more than doubled, to $675 million. And in the first quarter of this year, more than 4,000 victims reported $685 million in losses. The bureau estimates American businesses have lost more than $3.7 billion as a result of the schemes.
[IRS: A new phone scam threatens college students]
Since January 2015, the FBI estimated last year, there has been a 1,300 percent increase in identified exposed losses from similar scams. On Monday, the FBI issued a public service announcement about the scams.
Last year, FBI Special Agent Martin Licciardo, an organized crime investigator, said such crimes are “a serious threat on a global scale. The ability of these criminal groups to compromise legitimate business email accounts is staggering. … They are experts at deception.”
Scammers target businesses of all sizes, sometimes spending months studying a company’s organizational chart, the FBI said. They target people who frequently transfer large amounts of money and sensitive records in the course of business. They impersonate executives, human relations staff, law firms and trusted vendors. They usually insist that whatever bogus issue they’ve raised be cleared up as soon as possible, often by an immediate wire transfer. Discretion is often advised.
Another pair of alleged swindlers, Paul Wilson Aisosa and Gloria Okolie, went after a real estate closing attorney in Augusta, Ga. Such attorneys routinely keep large sums of money in a trust, often serving as a go-between for buyers and sellers. But Aisosa and Okolie convinced the unnamed attorney to send the proceeds from a recent sale — nearly $250,000 dollars — to Okolie’s account instead of to the seller, authorities said.
The pair is awaiting trial after being accused of laundering $665,000 in illicit funds, according to the Justice Department.
Before the attorney’s deposit, court documents say, the only cash in the account was the $100 required to start it.