US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing

November 4, 2024 at 08:31AM Kolade Akinwale Ojelade received a 26-year prison sentence in the US for compromising email accounts via phishing, resulting in the theft of millions of dollars. **Meeting Takeaways:** 1. **Individual Sentenced**: Kolade Akinwale Ojelade. 2. **Sentence Duration**: 26 years in prison. 3. **Location**: United States. 4. **Criminal Activity**: Compromised email accounts … Read more

Two British-Nigerian men sentenced over multimillion-dollar business email scam

October 3, 2024 at 08:39AM British-Nigerian men Oludayo Kolawole John Adeagbo, 45, and Donald Ikenna Echeazu, 42, have been sentenced for email fraud schemes in the US, earning millions. Adeagbo was sentenced to seven years for affecting Texas and North Carolina organizations, while Echeazu received 18 months. Their scams involved construction projects and local government … Read more

Transport, Logistics Orgs Hit by Stealthy Phishing Gambit

September 26, 2024 at 04:19PM A recent blog by Proofpoint researchers revealed that a targeted group of transportation and logistics companies in North America had been affected by business email compromise (BEC) attacks. The threat actor used various techniques, including thread hijacking and bespoke phishing attacks, to infiltrate the companies’ networks. The transportation and logistics … Read more

US Transportation and Logistics Firms Targeted With Infostealers, Backdoors

September 26, 2024 at 07:55AM Threat actors are targeting transportation and shipping organizations in North America, compromising email accounts to deliver various malware families like Arechclient2, DanaBot, Lumma Stealer, NetSupport, and StealC. The attacks involve injecting malicious content into compromised inboxes and using Google Drive links or URL files to deliver malware. Proofpoint advises caution … Read more

Ethereum mailing list breach exposes 35,000 to crypto draining attack

July 4, 2024 at 12:18PM A threat actor compromised Ethereum’s mailing list provider and sent a phishing email to over 35,000 addresses, luring recipients to a malicious site offering investment returns. Ethereum disclosed the incident, stating it had no material impact. The internal security team launched an investigation, blocked the attacker, and warned the community. … Read more

US Authorities Attempting to Recover $5.3 Million Stolen in BEC Scam 

June 6, 2024 at 10:39AM The US government filed a civil forfeiture action to recover over $5.3 million lost by a Massachusetts workers union in a business email compromise scam. Cybercriminals tricked the union into transferring the funds using a spoofed email. The fraudsters transferred the money through intermediary bank accounts. Authorities have seized the … Read more

Nigerian National Pleads Guilty of Conspiracy in BEC Operation

March 8, 2024 at 02:06AM Echefu, a Nigerian man involved in a business email compromise scheme, has pleaded guilty to conspiracy charges in the US. Alongside his co-conspirators from South Africa, he gained unauthorized access to email accounts to orchestrate wire fraud and money laundering. Echefu faces up to 20 years in prison and must … Read more

Nigerian hacker arrested for stealing $7.5M from charities

January 3, 2024 at 02:35PM Nigerian national Olusegun Samson Adejorin was arrested in Ghana for wire fraud and identity theft, related to $7.5 million embezzlement from US charitable organizations. The fraud scheme involved unauthorized access to email accounts and impersonation of employees to trick one charity into transferring funds to accounts controlled by the attacker. … Read more

Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes

December 14, 2023 at 06:07AM Miscreants are using OAuth to automate financially motivated cyber crimes, such as BEC, phishing, and deploying virtual machines for crypto mining, as highlighted by Microsoft. These criminals leverage compromised accounts to create OAuth applications and manipulate user permissions. Microsoft suggests monitoring Azure audit logs for illicit mining activities and enabling … Read more

In Other News: Airport Taxi Hacking, Post-Quantum Crypto Guidance, Stanford Breach

November 4, 2023 at 12:30PM SecurityWeek’s weekly cybersecurity roundup highlights several significant developments. Stanford University suffered a ransomware attack, resulting in 430 GB of data being stolen. The MOVEit hack compromised around 632,000 email addresses from the US Justice and Defense Departments. The Henry Schein cyberattack was claimed by the BlackCat ransomware group. A link … Read more