Man Used Phishing Techniques to Steal $11 Million from Company in BEC Scheme
Obinwanne Okeke appeared to be a successful entrepreneur and an up-and-coming millionaire in Nigeria.
FBI investigators, however, learned that at least some of Okeke’s business ventures involved fraud and theft that resulted in millions of dollars in losses.
In 2018, Okeke sent a phishing email to the chief financial officer of a construction equipment distributor in London. The message asked for the CFO’s login information on a website that looked legitimate. But it was actually a website controlled by Okeke, which allowed him to learn the CFO’s user name and password. He then logged in to the CFO’s account and sent messages requesting million-dollar wire transfers.
Posing as the CFO, Okeke’s emails directed company employees to send the money to bank accounts in other countries, often with fake invoices. The transfers moved the money outside the grasp of law enforcement in the United Kingdom.
In total, the London company lost $11 million.
“This was a large company working in million-dollar transactions regularly. The bank didn’t catch it because it seemed normal,” said Special Agent Marshall Ward, who investigated the case out of the FBI’s Norfolk Field Office. Okeke used the stolen identity of a Virginia resident to set up the phishing website, which is how the case was referred to FBI Norfolk.
These business email compromise (BEC) schemes are common. And Okeke used a tactic that helped his scheme go undetected by the CFO or the firm’s employees. He set up email filtering rules, so the actual CFO wouldn’t see the fraudulent emails. If an employee sent a follow up question or expressed concern, the filter would ensure that message never reached the actual CFO.
“If the CFO had changed his password, those filtering rules would still apply to the email. So his email traffic would still be intercepted,” Ward said.
The company’s willingness to work with the FBI and share what they learned was key to helping find Okeke and charge him.
Okeke pleaded guilty to wire fraud charges in June 2020 and was sentenced to 10 years in prison in February 2021.
“Many scammers have realized it’s no longer cost effective to target individuals. Instead, they go after these big companies—real estate firms, law firms, anyone moving huge amounts of money is a target.”
Marshall Ward, special agent, FBI Norfolk
Ward compared these types of scams to large-scale bank robberies. Instead of stealing a few hundred dollars, scammers can steal millions with just a few clicks from half a world away.
“Many scammers have realized it’s no longer cost effective to target individuals. Instead, they go after these big companies—real estate firms, law firms, anyone moving huge amounts of money is a target,” Ward explained. “We’re losing billions to these kinds of schemes, so we have to go after these guys whenever possible.”
Any organization that deals with money can be a victim of BEC, so everyone should be careful when organizing financial transactions online.
“We live in an age of instant communication, and it’s easy to get complacent. My biggest piece of advice is to pick up the phone and verify any large transfer like that,” Ward said. “And if you are a victim, tell your bank immediately and report it to IC3.”
Ward noted that if victims contact their bank in time, they can sometimes stop those fraudulent transfers, saving a company or organization millions of dollars.