Good Morning Readers,

Let’s talk about Onwuchekwa Kalu, the Nigerian mastermind who recently admitted guilt to wire fraud for orchestrating a BEC scheme that snatched a jaw-dropping $1.2 million from a Boston investment firm and its third-party accounting company. But before we get to that, let's break down what a "BEC" attack is.

How “BEC” schemes work  📠

BEC stands for "Business Email Compromise". It’s a type of cyberattack in which a malicious actor, posing as a trusted source (think your boss or accounting firm), manipulates or compromises email accounts to deceive employees, organizations, or other individuals into taking unauthorized actions, typically involving financial transactions. BEC attacks are designed to trick victims into transferring money or sensitive information to the attacker's control.

It's a classic bait-and-switch, where the attackers pose as someone you trust, using convincing emails that appear entirely legitimate. In some cases, they employ advanced techniques like AI-generated deepfakes or voice cloning, turning the deception into a fine art.

The scheme 💸

Now back to Kalu and his $1.2 million pay day. Kalu was able to hack into the email of an employee from the Boston investment firm. Once infiltrated, Kalu noted all emails with the words containing “wire”, “payment”, “pay”, “payment”, “invoice” and “capital”. Now, this Boston firm made regular investments in the global health solutions space, and their financial transactions were managed by a third party accounting firm in London.

Kalu’s next move was to create an email address almost identical to the Boston firms, only altering one letter. For example: “[email protected]” versus “[email protected]”. Catch the difference? With this fraudulent email address, he directed the the accounting firm in London to wire $650k to a bank account in Mexico, stating it was for “medical equipment”.

But Kalu wasn't done yet. He pushed the urgency button, claiming the initial transfer had faltered and demanded an immediate follow-up transfer of $650,000.

Once these transfers were executed, Kalu and his cohort attempted to disperse the funds through various banking channels in Africa..

Kalu was smart, but not smart enough to evade the FBI, who tracked him down and extradited him out of Nigeria to be prosecuted.

Sweat the details 🧐

In 2021, BEC scams hit the big time, causing businesses to lose a whopping $2.4 billion, leaving ransomware attacks in the dust at $49.2 million. These are some crazy numbers!

But here's the kicker: BEC attacks are evolving. Scammers are now using AI voice cloning to make their scams even more convincing. In one case, they made off with a staggering $35 million in the United Emirates by mimicking a company director's voice. Sounds like something out of an Oceans movie.

The takeaway? Now a days it’s exceedingly important to sweat the details and be meticulous in source verification.

Cheers to staying informed !

Don't Get Got 

P.S. Your experiences matter. If you've encountered a scam or have insights to share, we invite you to connect with us. Let's build a community that stands against cyber threats.

Email us : [email protected]