Site icon Sophos News

BEC fraudster and romance scammer sent to prison for 25 years

Elvis, you might say, has left the building, but only to be transported from court to federal prison.

In this case, we’re referring to Elvis Eghosa Ogiekpolor, jailed for 25 years in Atlanta, Georgia for running a cybercrime group that scammed close to $10,000,000 in under two years from individuals and business caught up in so-called romance and BEC scams.

Five other co-conspirators who seem to have “worked for” Ogiekpolor have already pleaded guilty in this case; as far as we know, they haven’t been sentenced yet.

BEC is short for business email compromise, an umbrella term for a form of online scam in which the attackers acquire login access to email accounts inside a company, so that the fraudulent emails they send don’t just seem to come from the company they’re attacking, but actually do come from there.

This sort of scam is also commonly, if somewhat confusingly, known as CEO fraud or CFO fraud, because BEC criminals aim to get access to the email of the most influential employees they can.

Those names don’t denote that the CEO or CFO is carrying out the fraud, but rather that their names and email accounts have been taken over to issue fake payment instructions to staff, suppliers and customers, thus diverting incoming and outgoing payments to rogue bank accounts.

As you can imagine, crooks with access to an employee’s real mailbox can pull off all sorts of low-tech but effective scamming tricks, including:

Businesses can end up defrauded of millions of dollars by BEC criminals who have the social engineering “skills” to misdirect well-meaning employees:

https://nakedsecurity.sophos.com/2019/08/01/north-carolina-county-falls-for-bec-scam-to-the-tune-of-1728083/

In Ogiekpolor’s case, the US Department of Justice (DOJ) reported:

At trial, the jury heard from several businesses – representing just a small sample of the total number of companies defrauded – who had been victimized by spoof emails. In each case, the victim-business believed it was making a payment, often several hundreds of thousands of dollars, to a long-standing vendor only to subsequently learn that they had been tricked into sending the money to an account controlled by Ogiekpolor and thereby defrauded.

Crimes against the person

Romance scams, sadly, are targeted against individuals, rather than companies, but they can be very lucrative for the criminals, and destructively life-changing for their victims.

These scams often play out on legitimate dating sites, where the scammers typically take the profile details and photo of someone they think the victim might actually quite like…

…after which the scammers court the victim, often over an extended period of time, by pretending to be their perfect match.

The victim and their new “romantic partner” will never meet in real life, so the scammer can make claims about themselves, their appearance and their background that will never directly be put to the test:

https://nakedsecurity.sophos.com/2021/02/16/romance-scams-at-all-time-high-heres-what-you-need-to-know/

Only when the victim has fallen for the scammer, and thinks that they can be trusted, will the scammer introduce money into the equation.

The amounts may start small, but vulnerable victims may ultimately be conned out of their life savings, as the DOJ reports:

[O]ne romance fraud victim was convinced to wire $32,000 to one of the accounts Ogiekpolor controlled because her “boyfriend” (one of the men online) claimed a part of his oil rig needed to be replaced but that his bank account was frozen. This victim borrowed against her retirement and savings to provide the funds, which ultimately required her to refinance her home to pay back the loan. Another victim testified that she was convinced to send nearly $70,000 because the man she met on eHarmony claimed to need money to promptly make payment on several invoices due to a frozen bank account.

What to do?

TO PROTECT YOUR BUSINESS FROM BEC

TO PROTECT YOURSELF, FRIENDS AND FAMILY FROM ROMANCE SCAMS


Exit mobile version