September 24, 2015

Federal Grand Jury Indicts Nigerian Man for Role in Business E-Mail Compromise Scheme That Caused Attempted $1.3 Million Loss to U.S. Companies

DALLAS—A Nigerian citizen in the U.S. on a student visa has been charged in a federal indictment, returned late today, with one count of conspiracy to commit wire fraud stemming from his role in what has become known as a “Business E-Mail Compromise” scheme, announced U.S. Attorney John Parker of the Northern District of Texas.

Amechi Colvis Amuegbunam, 28, of Lagos, Nigeria, was arrested late last month on a related federal criminal complaint, filed earlier this year in the Northern District of Texas, when he entered the U.S. in Baltimore, Maryland. He made his initial appearance before a U.S. Magistrate Judge in federal court in the District of Maryland on August 25, 2015, and was detained. It is expected that he will make an appearance in federal court in Dallas this week.

The indictment alleges that from November 2013 through August 2015, Amuegbunam and other individuals, sent, and caused to be sent, fraudulent e-mails to companies in the Northern District of Texas and elsewhere, containing material misrepresentations that caused the companies to wire transfer funds as instructed on a pdf document that was attached to the e-mail. According to the complaint, Amuegbunam is responsible for more than a $1.3 million attempted loss, and a $615,550 actual loss, to U.S. companies, including Wells Fargo and JP Morgan Chase.

The FBI, according to the complaint, is investigating an extensive money laundering and wire fraud scheme primarily operated by individuals in Nigeria, and assisted by individuals in the U.S., who are exploiting open source information and using social engineering techniques to steal millions of dollars from U.S. corporations and individuals. The scheme has become so common that the term, “Business E-Mail Compromise” scheme, was coined, and on August 25, 2015, the FBI issued a Public Service Announcement regarding the scheme.

The investigation of this particular BEC scheme began when two companies in the Dallas/Fort Worth area reported to the FBI Dallas office that they had received targeted spear phishing e-mails. These e-mails appeared to be a forwarded message, allegedly from a top executive at the company, sent to an employee in the company’s accounting department who had authority to make financial transfers for the company. Although the e-mails appeared to be coming from a company executive, the messages were actually coming from a false e-mail account fraudulently created to look like a legitimate company e-mail account. A fraudulent domain name was used that contained one small difference from the true company’s e-mail address—such as transposed letters. After complying with the spear phishing e-mail instructions to transfer funds, the companies became victims of the BEC scheme, each losing approximately $100,000. The investigation traced the creation of some of the pdfs to Amuegbunam.

The FBI’s Internet Crime Complaint Center (IC3) has been tracking this scheme and to date, perpetrators of the scheme have victimized more than 7000 businesses based in the U.S. and more than 1000 foreign-based businesses. The total loss to the U.S. victims is approximately $747 million.

Additional information about the BEC scheme may be found in a Fraud Alert issued by the Financial Services Information Sharing and Analysis Center (FS-ISAC), the FBI, and the U.S. Secret Service. The FBI urges any business who believes it was victimized by the BEC scheme to contact them at 972-559-5000.

An indictment is an accusation by a federal grand jury, and a defendant is entitled to the presumption of innocence unless proven guilty. If convicted, however, the conspiracy to commit wire fraud offense carries a maximum statutory penalty of 30 years in federal prison and a $1 million fine. Restitution may be ordered.

The FBI is conducting the ongoing investigation and Assistant U.S. Attorney C.S. Heath is in charge of the prosecution.