On 10AUG2022 three Nigerians were extradited from the UK to the US to face charges related to their roles in conducting Business Email Compromise (BEC) attacks against a number of US-based businesses.
43-year old Oludayo Kolawole John Adeagbo, 40-year old Donald Ikenna Echeazu, and 42-year old Olabanji Egbinola were brought to North Carolina to face their charges, although some of their crimes were also charged in Texas and their victims are across the United States and the world.
The three were linked together by exchanging data related to construction companies who were involved in multi-million dollar building projects, and whose emails they were able to acquire through phishing attacks against targets they had purchased from a commercial intelligence service intended to be used by potential sub-contractors.
BEC’s through Look-alike Domains
Victim A notified the FBI that someone was spoofing Victim B, by sending emails from the address “accounts@lucasconstruct.com.” (The real company, Lucas Construction, in League City, Texas, uses the domain “lucasconst.com”.) In one email, a victim received an appropriate form that their company used for updating banking information. The email sender was clearly familiar with their processes, as the email said:
Please find attached our completed ACH form and a copy of a voided check as requested. Kindly let us know once updated.
After processing the change of banking information, Victim A sent the next construction payment of $525,282.39 to a SunTrust bank account rather than to Lucas Construction!
Victim C, a community college in the Houston, Texas area, had a similar experience, resulting in sending $1,995,168.64 to a PNC Bank account controlled by criminals after receiving a similar request to update their records from “accounts@tellepsengroup.com.” The real domain (Victim D) should have been tellepsen.com, a four generation family owned construction and concrete company in Houston.
Victim E, a county government in Texas, sent $888,009.40 to a JPMorgan Chase account after being asked to update the banking records via an email from “accounts@dwcontractorsgroup.com.”
All three of those domains were registered by NameC
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: