A Nigerian national, Ebuka Raphael Umeti, has been convicted for operating a Business Email Compromise (BEC) scheme targeting victims in the United States and elsewhere and attempting to steal $1.5 million.
The U.S. Department of Justice disclosed this via a statement released on Friday.
Citing court documents and evidence presented at trial, the DOJ said Umeti, 35, and his co-conspirators sent victims businesses phishing emails, which were made to appear as though they originated from trusted senders, such as a bank or a vendor.
According to the DOJ, the phishing attacks allowed the co-conspirators to gain unauthorised access to victims’ computer systems and email accounts, including by infecting victims’ computers with malicious software or “malware” that provided the co-conspirators with remote access.
It added that the co-conspirators then exploited that access to obtain sensitive information, which they used to deceive individuals at victim companies into executing wire transfers to accounts specified by the co-conspirators.
“As a result of this scheme, the co-conspirators caused or attempted to cause more than $1.5 million of loss to victims,” the DOJ said in its statement.
Principal Deputy Assistant Attorney General and Head of the Justice Department’s Criminal Division, Nicole M. Argentieri, while commenting on the conviction said:
“Although Umeti and his co-conspirators carried out their scheme from outside the United States, they were not beyond the reach of the Justice Department.
“Today’s conviction should serve as yet another reminder that, if you target American victims, the Criminal Division is committed to tracking you down and holding you responsible for your criminal conduct, no matter where you are.”
U.S. Attorney for the Eastern District of Virginia, Jessica D. Aber, also commented on the conviction saying the reach of cyber criminals is extensive, but so is the reach of the law.
“Umeti relied on hidden malware, deception, and an ocean of distance to steal from American businesses and avoid prosecution. Despite those obstacles and obfuscations, a dedicated team of investigators and prosecutors showed outstanding resolve in bringing him to justice,” she said.
According to the DOJ, the jury convicted Umeti of conspiracy to commit wire fraud, three counts of wire fraud, conspiracy to cause intentional damage to a protected computer, and intentional damage to a protected computer.
It added that Umeti is scheduled to be sentenced on Aug. 27 and faces a maximum penalty of 27 years in prison on the wire fraud conspiracy count, five years in prison on the conspiracy to cause intentional damage to a protected computer count, 20 years on each wire fraud count, and 10 years on the intentional damage to a protected computer count.
A federal district court judge is expected to determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
