Kevin Krause reports:
A Nigerian man living in the U.S. on a student visa faces federal wire fraud charges in connection with a sophisticated email phishing scam targeting businesses.
Amechi Colvis Amuegbunam, 28, of Lagos, Nigeria, was arrested in Baltimore in August and charged with scamming 17 North Texas companies out of more than $600,000 using the technique. He remains in federal custody in Dallas. If convicted, he faces up to 30 years in prison and a fine of up to $1 million.
He is accused of sending emails that looked like forwarded messages from top company executives to employees who had the authority to wire money. Amuegbunam tricked the employees into wiring him money by transposing a couple of letters in the actual company email, authorities said.
Read more on The Dallas Morning News.
The paper’s own headline had the word “sophisticated” in it, which I have deleted, because I wouldn’t consider this a particularly sophisticated scheme, although the criminals do have to invest in doing their homework to have realistic-looking emails that would convince an employee that it was a routine request for an authorized wire transfer, and then a second email or document ready if the employee needs a second source to authenticate the request. And of course, they need mules. It’s a well-organized enterprise.
So what authentication system does your firm have in place?