Interpol arrests Nigerian email scammer who swindled $60 million

His criminal ring pulled off the scheme by pretending to be CEOs or suppliers

The Nigerian at one point conned a victim into paying $15.4 million.
Credit: Peter Sayer/IDG News Service

Interpol has arrested a top Nigerian email scammer who stole more than $60 million by tricking businesses into handing over funds by posing as trusted suppliers.

The 40-year-old Nigerian, known as “Mike,” is allegedly the leader of a criminal ring that targeted hundreds of victims across the world, Interpol said on Monday.

He and at least 40 other individuals pulled off their scheme by allegedly pretending to be CEOs or suppliers using hacked email accounts of legitimate companies.

The criminals then sent fake emails, asking the victims to wire funds or send payment to bank accounts under the scammers’ control.

The Nigerian at one point conned a victim into paying $15.4 million, Interpol said. To hack the email accounts, the scammers targeted small and medium businesses in the U.S., India, and Romania, among other countries.

Authorities first became aware of Mike when, in late 2014, security firm Trend Micro began investigating the malware used in his scams. The malware was designed to steal email and web logins.

By analyzing the malware’s command-and-control infrastructure, Trend Micro managed to track the Nigerian’s location. Mike was then arrested in southern Nigeria in June and he faces charges for hacking, conspiracy, and obtaining money under false pretences.

However, Interpol made no mention of the rest of his criminal ring. Its members also come from Nigeria, along with Malaysia and South Africa, Interpol said.

These kinds of email scams, also known as “CEO fraud” or “the supplier swindle,” have become a growing problem. Businesses across the world have been duped into giving away at least $3.1 billion, according to the FBI.

Interpol is advising businesses verify an email sender’s identity before wiring off any funds. To avoid hacking, emails accounts can also be better protected when using two-factor authentication.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.