A Nigerian businessman was sentenced to ten years in prison this month for his role in a multi-million-dollar BEC (business email compromise) scheme.
Over four years, Obinwanne Okeke and his conspirators performed a series of online scams, including an attack on Unatrac Holding Limited, the export office for the construction machinery company Caterpillar, which resulted in $11 million (about €9 million) in losses.
In April 2018, Okeke fooled a Unatrac executive with a phishing email that asked him to hand over his login credentials.
With this information, the scammers sent fraudulent wire transfers for vast sums of money to their overseas accounts.
Bleeping Computer reported that Okeke went to great lengths to make the scams look realistic.
Some of the fake invoices contained mock-ups of the Unatrac logo, and others were sent via an external email that was then forwarded to employees in charge of making payments, which helped the attackers cover their tracks.
The attackers also created email filters that marked legitimate emails from company employees as read and automatically moved them to a different folder. This ensured that responses from the recipients of the fake invoices were hidden.
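One way a mail administrator could review exported inbox rules for the hiding pattern described above, as an added example that is not from the original article. The rule fields, the domain and the sample rules are constructed assumptions, not any mail platform's real schema.

```python
from typing import Optional

ORG_DOMAIN = "example.test"  # constructed placeholder for the organisation's own domain

# Constructed sample export: one dict per inbox rule (hypothetical field names).
SAMPLE_RULES = [
    {"mailbox": "ap.clerk@example.test", "name": ".", "sender_contains": ["@example.test"],
     "mark_as_read": True, "move_to_folder": "Archive2"},
    {"mailbox": "ap.clerk@example.test", "name": "Newsletters", "sender_contains": ["news@vendor.test"],
     "mark_as_read": True, "move_to_folder": "Newsletters"},
    {"mailbox": "cfo@example.test", "name": "Team", "sender_contains": ["pa@example.test"],
     "mark_as_read": False, "move_to_folder": "Team"},
    {"mailbox": "cfo@example.test", "name": "..", "sender_contains": [],
     "mark_as_read": True, "move_to_folder": "Conversation History"},
]

def _domain(condition: str) -> str:
    """Domain part of a sender condition such as 'a@b.test' or '@b.test'."""
    return condition.lower().rsplit("@", 1)[-1].strip()

def matches_colleagues(rule: dict, org_domain: str) -> bool:
    """True if the rule's sender condition covers mail from the organisation itself."""
    conditions = rule.get("sender_contains") or []
    if not conditions:  # no sender condition: the rule applies to every sender
        return True
    org = org_domain.lower()
    return any(_domain(c) == org or _domain(c).endswith("." + org) for c in conditions)

def hides_replies(rule: dict, org_domain: str) -> bool:
    """Flag the combination from the article: mark as read AND move out of the inbox."""
    folder: Optional[str] = rule.get("move_to_folder")
    moved_away = bool(folder) and folder.strip().lower() != "inbox"
    return bool(rule.get("mark_as_read")) and moved_away and matches_colleagues(rule, org_domain)

def audit(rules: list, org_domain: str) -> list:
    """Return (mailbox, rule name, folder) for every rule that needs human review."""
    return [(r["mailbox"], r["name"], r["move_to_folder"])
            for r in rules if hides_replies(r, org_domain)]

if __name__ == "__main__":
    for mailbox, name, folder in audit(SAMPLE_RULES, ORG_DOMAIN):
        print(f"REVIEW {mailbox}: rule {name!r} marks colleagues' mail read and files it in {folder!r}")
```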
Okeke may now be behind bars, but for every scammer who is apprehended, there are thousands more who operate with impunity. It is extremely difficult to catch fraudsters and almost impossible to return stolen money – so organisations can’t rely on the authorities to keep them safe.
Employees underestimate scammers
Most of us would like to think that we’ve become more astute at spotting online scams.
We’ve certainly needed to be, with fraudsters having come a long way from the tall tales of Nigerian princes and multi-million-dollar inheritances.
That was a time when scammers targeted only the most gullible – the sort of people who, if they’d believe that, would believe anything.
Cyber criminals have since learned that, with the right tools and preparation, we are all liable to fall victim – and the damage is far greater now.
A 2019 FBI report found that businesses reported losses of $1.7 billion (about €1.4 billion) from online fraud.
This is not just the result of careless employees falling for obvious tricks. Fraudsters are capable of sophisticated subterfuge that's unrecognisable compared with the techniques they used even a few years ago.
With their money and data at stake, organisations must invest in ways to protect themselves.
The only way to curb the threat is by being better educated. The two most important things employees must remember are to protect their passwords and to never open email attachments unless they are certain the sender can be trusted.
Of course, it’s one thing to say that but another to make sure those lessons stick.
That’s where staff awareness training comes in. Rather than a once-a-year exercise, you must incorporate training into your organisational culture to give you the best chance of countering cyber threats.
IT Governance offers a variety of staff awareness training solutions, including tailored e-learning options.
We work with our clients to identify their exact knowledge gaps and requirements, ensuring the finished product delivers the required staff awareness levels on the given topic.
Speak to one of our experts to find out how we can help.