FBI identified BEC scammers using bank surveillance footage
Two Nigerian nationals have been sentenced to a combined 22 years in prison for their role in a global cybercrime gang that tricked companies into sending funds to the wrong bank accounts—also known as a business email compromise (BEC) scam.
The two were detained in September 2019 as part of Operation reWired, a global law enforcement crackdown that resulted in the arrest of 281 suspects believed to be part of different BEC scam groups.
According to the FBI, the two suspects, Opeyemi Abidemi Adeoso, 46, and Benjamin Adeleke Ifebajo, 47, served as money launderers for one of these groups.
While other members used phishing emails to trick employees at various companies into sending payments to the wrong accounts, Adeoso and Ifebajo's roles were to open bank accounts to receive and then launder these funds before transferring the money down the line to new accounts.
Since some victims would be alerted when asked to send money abroad, Adeoso and Ifebajo operated from inside the US, where they set up shell companies and accounts at US banks, mainly in the Dallas-Fort Worth region.
"The accounts were set up in alias names, utilizing fraudulent foreign government passports, fraudulent utility bills, and incorporation documents from the Dallas County Clerk's Office," the FBI said in a criminal complaint obtained by The Record.
"Shortly after the accounts were opened, the accounts either received BEC wire proceeds or they received cashier's checks from other accounts that had received the BEC wire proceeds," the FBI said.
According to court documents, the two helped launder more than $3.44 million in BEC wire transfers since 2015, when they entered the country on non-immigration visas but never left. A portion of stolen funds they received in their bank accounts is detailed below:
But while the FBI was able to track the BEC gang's digital footprint of fake companies and online personas, the agency said it was able to identify and catch the two suspects using surveillance footage from banks—when the two suspects came to withdraw or deposit stolen funds.
But identifying the suspects wasn't easy. The FBI said the two Nigerians appeared to know they would risk having their vehicles identified and would often park their cars 500 yards away from a bank to avoid their cars' license plates showing up on security feeds.
In situations where they had to use drive-thru ATMs to with withdraw or make deposits, officials said the two also used temporary paper "dealer tags" on their cars, often registered in fictional names. However, the two suspects did slip up.
Both Adeoso and Ifebajo were arrested in 2019 and pleaded guilty in 2020. They were sentenced to 151 months and 120 months in prison, respectively.
A judge also ordered Adeoso to pay $9.3 million in restitution for his crimes, while Ifebajo was ordered to pay $2.1 million.
A third co-conspirator, Temitope Aminat Folorunsho, 35, pleaded guilty in July 2020 was sentenced in July 2021 to 37 months in federal prison and ordered to pay roughly $221,000 in restitution.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.