A Nigerian man living in the U.S. on a student visa faces federal wire fraud charges in connection with a sophisticated email phishing scam targeting businesses.
Amechi Colvis Amuegbunam, 28, of Lagos, Nigeria, was arrested in Baltimore in August and charged with scamming 17 North Texas companies out of more than $600,000 using the technique. He remains in federal custody in Dallas. If convicted, he faces up to 30 years in prison and a fine of up to $1 million.
He is accused of sending emails that looked like forwarded messages from top company executives to employees who had the authority to wire money. Amuegbunam tricked the employees into wiring him money by transposing a couple of letters in the actual company email, authorities said.
The FBI issued an alert earlier this year about the new cyberattack it called the “Business Email Compromise.” The FBI said it is a “growing fraud that is more sophisticated than any similar scam the FBI has seen before.”
Federal officials say more than 7,000 U.S. businesses have been scammed out of a total of about $740 million.
“It’s a prime example of organized crime groups engaging in large-scale, computer-enabled fraud, and the losses are staggering,” said Maxwell Marker, an FBI agent who oversees an organized crime section, in a recent bulletin.
The FBI said it’s the work of organized crime groups from Africa, Eastern Europe and the Middle East.
The Dallas investigation began in 2013 when two North Texas companies reported falling victim to the scheme, each losing about $100,000, according to an FBI complaint.
In the case of Luminant Corp., an electric utility company in Dallas, an employee with the authority to wire money received an email from someone who appeared to be a company executive, the complaint said.
But the email domain name had two letters transposed. For example, someone created the email with a domain name of lumniant.com.
The duped employee wired $98,550 to a bank account outside Texas.
The FBI subpoenaed information about the email account and learned it was created by someone named Colvis Amue, the complaint said.
Agents determined that person was Amuegbunam and that he scammed another company out of $146,550, according to the complaint. A third company realized the phishing email was fake and did not send the $381,903 requested.
“The Dallas FBI quickly learned that this was a widespread scheme,” the complaint said.
The FBI has identified five other conspirators who live in Nigeria who are subjects of the investigation.
In these scams, “money mules” are employed to accept the initial transfers into their personal bank accounts. They then are told to quickly transfer the money elsewhere, usually to a bank account outside the U.S. The money usually ends up in Asian banks, including those in China and Hong Kong, the FBI alert said.
The criminals have become experts at imitating invoices and accounts, agents say. The fraudulent emails are typically well worded and specific to the type of business being targeted, the FBI says. The phrases, “code to admin expenses” and “urgent wire transfer,” are frequently used.
In one recent case provided by the FBI, a company accountant received an email from her chief executive, who was on vacation outside the country. He asked her to transfer money for a “time-sensitive acquisition” before the day’s end, according to the FBI. The executive said a lawyer would contact her with more information.
The accountant said such requests were not unusual.
The lawyer sent her an email with her CEO’s signature on a letter of authorization with the company’s seal that was attached. The email gave her instructions to wire more than $737,000 to a bank in China.
The accountant learned about the scam when the CEO called the next day, saying he knew nothing about the wire transfer request.
The FBI said criminal groups usually target businesses that have foreign suppliers or regularly make wire transfer payments.
“They have excellent tradecraft, and they do their homework,” Marker said. “The days of these emails having horrible grammar and being easily identified are largely behind us.”