Kosi Goodness Simon-Ebo, a 29-year-old Nigerian citizen who was extradited from Canada to the United States last April, has pleaded guilty to charges of wire fraud and money laundering in connection with a sophisticated business email compromise (BEC) scheme.
Simon-Ebo has confessed to his involvement in a criminal conspiracy dating back to 2017 when he resided in South Africa. During this time, he conspired with individuals based in the United States to compromise business and employee email accounts.
The scheme involved using these compromised email accounts to contact various businesses, all the while disguising their true identities by employing spoofed sender addresses, making the emails appear as if they originated from reputable sources.
Within these deceptive emails, the fraudsters included payment requests and wiring instructions, which ultimately led the unsuspecting victims to transfer funds into bank accounts controlled by Simon-Ebo and his co-conspirators.
To further obfuscate the illicit funds’ trail, the criminals proceeded to move the money between accounts before ultimately withdrawing cash. Additionally, they employed cashier’s checks to write payments to different individuals and business entities, further obscuring the money’s origins.
The plea agreement highlights that the scammers achieved a notably high success rate, with approximately $1 million stolen out of the nearly $7 million they attempted to pilfer.
“The intended loss for transactions in which Simon-Ebo was directly involved—which were some, but not all of the transactions involving Simon-Ebo and his co-conspirators—was approximately $6,988,249, and the actual loss resulting from these transactions was at least $1,072,306,” stated the U.S. Department of Justice (DoJ).
Simon-Ebo now faces the possibility of a maximum prison sentence of 20 years. The official sentencing is scheduled for November 29, 2023, to be held at the U.S. District Court of Maryland.
In addition to the potential prison term, the convicted BEC operator will be required to pay restitution totaling $1,072,306, equivalent to the total losses incurred by the victims of the scheme.
The Expanding Threat of BEC Scams
Business email compromise continues to pose a significant threat to companies and organizations globally. In 2021 alone, losses stemming from BEC schemes amounted to nearly $2.4 billion in the United States, as reported by the FBI, which received approximately 20,000 complaints related to such scams during that year.
Verizon’s June 2023 report revealed a concerning trend, with BEC attacks nearly doubling in frequency this year. These attacks often originate from legitimate yet compromised email addresses, making them particularly difficult to detect.
In March 2023, the FBI issued a warning regarding the evolving tactics of BEC fraudsters. Instead of targeting funds directly, they have shifted their focus to redirecting valuable assets, including hardware, construction materials, and solar energy products.
Furthermore, a report from Microsoft in the same month highlighted the alarming speed at which BEC attacks unfold. The entire process, from compromising email credentials to registering typo-squatting domains and hijacking existing email threads, can be executed within just a few hours.