A Nigerian national that was on Forbes' list of the most promising entrepreneurs in Africa stands accused of business email compromise fraud that stole $11 million from one victim alone.

Obinwanne Okeke is the founder of Invictus Group, a company involved in construction, agriculture, oil and gas, telecoms and real estate. In 2016, Forbes added him to its "Africa's 30 under 30" list of young business owners.

Fast forward three years, and the United States District Court for the Eastern District of Virginia has issued an arrest warrant in Okeke's name for alleged conspiracy to commit computer fraud and wire fraud.

Long time BEC scammer

According to the FBI affidavit in support of the criminal complaint and arrest warrant, Okeke had been running BEC scams since at least 2016, with some of his partners being involved in scams even before that. 

With his co-conspirators, the fraudster worked on creating phishing pages for online services used by various businesses in the US.

In April 2018 Okeke and his associates sent a phishing email to the Chief Financial Officer (CFO) of Unatrac Holding Limited, which is the export sales office for Caterpillar industrial and farming equipment.

The CFO fell for the phishing page and entered the login credentials for the company's Microsoft Office 365 email account, handing them straight to the fraudsters.

"Logs indicate that between April 6 and April 20, 2018, the intruder accessed the CFO's account at least 464 times, mostly from Internet Protocol (IP) addresses in Nigeria," reads the affidavit from an FBI agent.

Tricks of the trade

With this level of access, the affidavit states, Okeke used the CFO's account to send fraudulent wire transfer requests to members of the company's internal financial team.

Some emails had fake invoices with Unatrac logos, while others had been sent to the CFO's account from an external email (pakfei.trade@gmail.com) and then forwarded to employees in charge of making payments, to create the appearance of a legitimate trail.

The affidavit states that the intruder created email filters that marked legitimate emails from company employees as read and then moved them to a different folder. The purpose was to hide the replies of the employees who had received the fake invoices and fraudulent wire transfer requests, so the account's real owner would not notice the exchange.
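The two behaviours quoted from the affidavit, hundreds of sign-ins from an unexpected country and inbox rules that mark mail as read and move it out of sight, are both visible in tenant audit logs. The following is an added example written for this article, not code from the article, the FBI or Microsoft; it runs two detections over constructed sample events and correlates them. The event field names ("operation", "user", "country", "parameters") are a simplified stand-in for a real audit-log export, and the expected-country set and the threshold of 20 sign-ins are assumptions to tune per account.

```python
"""Detect the intrusion pattern described in the affidavit: repeated sign-ins
from an unexpected country plus inbox rules that hide colleagues' replies.

Every event below is a constructed sample. Field names are a simplified
stand-in for whatever shape your tenant's audit-log export really has."""
from collections import Counter, defaultdict

# Assumption: countries from which this account is normally used.
EXPECTED_COUNTRIES = {"GB", "US"}
# Assumption: how many sign-ins from elsewhere before we raise an alert.
FOREIGN_LOGIN_THRESHOLD = 20

CFO = "cfo@victim.example"  # constructed placeholder identity

# Constructed sign-in events: 25 from NG and 3 from GB for the CFO,
# 2 from US for a colleague. IPs are from documentation ranges.
SIGNIN_EVENTS = (
    [{"operation": "UserLoggedIn", "user": CFO, "country": "NG",
      "client_ip": "203.0.113.7"} for _ in range(25)]
    + [{"operation": "UserLoggedIn", "user": CFO, "country": "GB",
        "client_ip": "198.51.100.4"} for _ in range(3)]
    + [{"operation": "UserLoggedIn", "user": "ap-clerk@victim.example",
        "country": "US", "client_ip": "192.0.2.9"} for _ in range(2)]
)

# Constructed inbox-rule events. The first matches the affidavit's pattern
# (mark as read, then move out of view); the second is a benign rule.
RULE_EVENTS = [
    {"operation": "New-InboxRule", "user": CFO, "client_ip": "203.0.113.7",
     "parameters": {"Name": ".",
                    "FromAddressContainsWords": ["victim.example"],
                    "MarkAsRead": True, "MoveToFolder": "RSS Subscriptions"}},
    {"operation": "New-InboxRule", "user": "ap-clerk@victim.example",
     "client_ip": "192.0.2.9",
     "parameters": {"Name": "Vendor newsletters",
                    "SubjectContainsWords": ["newsletter"],
                    "MoveToFolder": "Newsletters"}},
]


def flag_foreign_signins(events, expected=EXPECTED_COUNTRIES,
                         threshold=FOREIGN_LOGIN_THRESHOLD):
    """Return {user: count} for users whose sign-ins from outside the
    expected countries reach the threshold."""
    per_user = defaultdict(Counter)
    for ev in events:
        if ev.get("operation") != "UserLoggedIn":
            continue
        per_user[ev["user"]][ev["country"]] += 1
    flagged = {}
    for user, by_country in per_user.items():
        foreign = sum(n for c, n in by_country.items() if c not in expected)
        if foreign >= threshold:
            flagged[user] = foreign
    return flagged


def flag_hiding_rules(events):
    """Return (user, rule name, client_ip) for inbox rules that both mark
    matching mail as read and move or delete it: the combination that keeps
    colleagues' replies out of the mailbox owner's view."""
    hits = []
    for ev in events:
        if ev.get("operation") not in {"New-InboxRule", "Set-InboxRule"}:
            continue
        p = ev["parameters"]
        marks_read = p.get("MarkAsRead") is True
        diverts = "MoveToFolder" in p or p.get("DeleteMessage") is True
        if marks_read and diverts:
            hits.append((ev["user"], p.get("Name", "<unnamed>"), ev["client_ip"]))
    return hits


def correlate(signins, rules):
    """Users who trip both detections. A hiding rule on an account that is
    also signing in from an unexpected country is the strongest signal."""
    foreign = flag_foreign_signins(signins)
    return sorted({user for user, _, _ in flag_hiding_rules(rules) if user in foreign})


if __name__ == "__main__":
    print("foreign sign-ins:", flag_foreign_signins(SIGNIN_EVENTS))
    print("hiding rules:", flag_hiding_rules(RULE_EVENTS))
    print("both:", correlate(SIGNIN_EVENTS, RULE_EVENTS))
```

Either detection alone produces false positives (travelling staff, tidy-minded users), which is why the correlation step matters: an account that is both logging in from an unexpected country and growing a rule that silently files away internal replies is worth an immediate credential reset and a review of its sent items.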

In roughly one week, between April 11 and April 19, 2018, Unatrac processed about 15 fraudulent payments. One recipient, Pak Fei Trade Limited, received three payments this way: one for $278,270, one for $898,461, and one for $1,957,100.

In total, Unatrac sent nearly $11 million to overseas accounts, and most of it could not be recovered.

Wrapping things up

The FBI linked Okeke to this fraudulent activity starting from the email address 'iconoclastlast1960@gmail.com,' which had received files from the Unatrac CFO's OneDrive storage account.

Following that address's trail on the internet, the FBI uncovered conversations with other fraudsters in which they planned how to create new phishing pages. The email address also led to domain names that impersonated legitimate businesses and may have been used in other phishing campaigns.

Additional fraudulent domains were discovered, but they are redacted in the affidavit. The breakthrough came from an FBI confidential source who linked 'iconoclastlast1960@gmail.com' to malicious activity.

Records from Google tied this address to other accounts that had been accessed from the same machine, one of them being 'obinwannem@gmail.com,' which was linked to Okeke's '@invictusobi' Twitter profile. From there, tracking down the real owner of the fraudulent account was a simple job.

"The information Google provided lists a recovery email address of alibabaobi@gmail.com, and names several accounts linked to iconoclastl960@gmail.com by login session cookie, which indicates a likelihood that they are operated by the same person. One of these linked accounts is obinwannem@gmail.com."
