A Nigerian accused of scamming $60 million from companies around the world through fraudulent emails has been arrested after months of investigation, Interpol and Nigeria's anti-fraud agency said Monday.
One target paid out $15.4 million, according to a statement from Interpol.
The ringleader of a global scamming network, identified only as a 40-year-old known as Mike, was arrested along with a 38-year-old accomplice in Nigeria's oil capital, Port Harcourt, in June, said the statement. He is on administrative bail, which implies that officers do not yet have enough evidence to charge him in court. He faces charges including hacking, conspiracy and obtaining money under false pretenses, said the statement.
The man is accused of leading a criminal network that compromised email accounts of small and medium-sized businesses around the world including in the United States, Australia, Canada, India, Malaysia, Romania, South Africa and Thailand. The statement didn't name any of the targets.
The network involved about 40 people in Nigeria, Malaysia and South Africa who provided malware and carried out the frauds, with money-laundering contacts in China, Europe and the United States providing bank account details.
A supplier's email would be compromised and fake messages sent to a buyer with instructions for payment to a bank account under the network's control, the statement said. Or the email account of a high-level executive would be taken over and a request for a wire transfer sent to an employee responsible for handling such requests.
Such crime "poses a significant and growing threat, with tens of thousands of companies victimized in recent years," Noboru Nakatani, executive director of the Interpol Global Complex for Innovation, said in a statement. "The public, and especially businesses, need to be alert to this type of cyber-enabled fraud."
“Basic security protocols such as two-factor authentication and verification by other means before making a money transfer are essential to reduce the risk of falling victim to these scams," said Mr. Nakatani.
Nigeria is notorious for internet fraud. The U.S. Embassy says it receives inquiries every day from Americans who have been defrauded.
The Nigerian (419) Scam is a particularly common type of online fraud, according to an article Ned Smith contributed to TechNewsDaily in 2010:
This one, which plays on greed, is one of the oldest digital rip-offs on the books. You get an email from a wealthy Nigerian (fill in the appropriate country, this one travels well) who needs help in transferring millions of dollars from his homeland. If you are able to assist in the process, the email continues, you’ll receive a sizable cut of the fortune as a reward.
If you take the bait, you will be asked to put up some of your own money to smooth the transfer. It’ll be the last time you see that money or the scammers; there is no fortune that needs to be transferred other than yours. The number “419” refers to the article of the Nigerian Criminal Code that deals with fraud. Any email from strangers that promises riches in exchange your help (read: money) and trust should be avoided. According to scambusters.org, the Nigerian Scam and its cousins still bilk people for between $100 million and $200 million each year.
" 'Mike’ first came onto the law enforcement radar through a report provided to Interpol by Trend Micro, one of its strategic partners," said the statement.
“For a long time we have said in order to be effective, the fight against cybercrime must rely on public-private partnerships and international cooperation,” said Abdul Chukkol, head of the cybercrime section of the Nigerian Economic and Financial Crime Commission, in the statement.
Mr. Chukkol said the transnational nature of business e-mail compromise makes it complex to crack, but the arrest sent a clear signal that Nigeria could not be considered a safe haven for criminals.