Olusegun Samson Adejorin, a Nigerian national, has been extradited from Ghana to the United States to face federal charges related to an alleged $7.5 million business email compromise (BEC) scheme that targeted two charitable organizations.
Adejorin, who arrived in the U.S. on August 30, 2024, had his initial court appearance the same day and is currently detained pending trial. The charges against Adejorin include wire fraud, aggravated identity theft, and unauthorized access to a protected computer, according to an eight-count indictment.
$7.5 million stolen
The indictment details that between June and August 2020, Adejorin orchestrated a complex scheme to defraud two charitable organizations, referred to as Victim 1 and Victim 2. Victim 1, based in Maryland, provides investment services to other organizations, while Victim 2, located in New York, is a recipient of those services. Adejorin allegedly gained unauthorized access to employee email accounts at both organizations, impersonating employees to initiate fraudulent financial transactions.
Adejorin is accused of posing as an employee of Victim 2 to request withdrawals of funds from Victim 1. The scheme involved using stolen email credentials and spoofed domain names to send fraudulent emails requesting the transfer of funds. To evade detection, Adejorin allegedly manipulated email systems to conceal these fraudulent communications, redirecting them to inconspicuous locations within the victim's email accounts. As a result, over $7.5 million was transferred from Victim 1 to bank accounts that were not associated with Victim 2.
The impact of this alleged scheme on the targeted organizations is significant, considering their roles in managing and distributing funds for charitable purposes. Victim 1's responsibility in managing investments for other organizations and Victim 2's reliance on these funds underscore the severity of the breach and its potential consequences on their operations and beneficiaries.
If convicted, Adejorin faces substantial prison time, with each of the five wire fraud counts carrying a maximum sentence of 20 years. Additionally, the charge of unauthorized access to a protected computer could result in up to five years in federal prison, and each count of aggravated identity theft carries a mandatory two-year consecutive sentence. The penalties for two of the wire fraud counts could be increased by seven years due to the fraudulent use of domain names.
Organizations at risk of BEC attacks are advised to implement multi-factor authentication, regularly update security protocols, and train employees on recognizing phishing attempts. When met with payment-related requests, it is always good to call the other party at a trusted number that has been validated from previous communications to confirm the request before approving any actions.
Leave a Reply