A Nigerian man has been sentenced to five years of prison time and pay $2.54 million in restitution for running business email compromise scams that attempted to steal $25 million.

According to the Onyekachi Emmanuel Opara operated from Lagos, Nigeria and for two years (2014-2016) targeted thousands of victims from the United States, Australia, the United Kingdom, Switzerland, Sweden, New Zealand, and Singapore.

Opara followed the classic recipe for business email compromise (BEC) activity, also known as CEO fraud. He sent employees of the victim companies emails purporting to be from their supervisors or from business partners, with instructions to transfer funds to specific bank accounts.

The techniques used to deceive the recipient are typical for BEC scams; emails came from domain names similar to the impersonated business or were spoofed so they looked like they came from the legitimate address.

Scammer runs side operation to hide the money trail

Opara did not act alone in his endeavors and ran a concurrent scam that distanced him from the operation.

He registered to dating websites as an attractive woman by the name of Barbara. Under this guise, he would win the heart of individuals in the US and convince them to send money overseas or to accept funds from his BEC scams and then transfer them to accounts controlled by Opara or his associates in the scheme.

It appears that Opara's female online persona had an irresistible charm, as it was able to convince one victim to transfer $600,000 of its own money to accounts controlled by the fraudster.

Also involved in the scheme was  David Chukwuneke Adindu, who received a sentence of 41 months of jail time on December 14, 2017. He was also ordered to pay about $1.4 million in restitution.

Adindu pled guilty to charges of conspiracy to commit wire fraud and conspiracy to commit identity theft. Opara was charged with conspiracy to commit wire fraud and wire fraud and also pled guilty this year on April 11.

Opara received 60 months of incarceration for each charge, to be served concurrently starting December 22, 2016, the date of his arrest in Johannesburg, South Africa. A month later he was extradited to the United States.

The FBI Internet Crime Complaint Center released this year guideline information on how to mitigate BEC scams and how to avoid them.

Related Articles:

Gmail Bugs Allow Changing From: Field and Spoofing Recipient's Address

Fraudster Targets Cryptocurrency Wallets with a Variety of Info Stealers

Zoho Suspended by Domain Registrar Over Phishy Emails

Russian Banks Under Phishing Attack

Fake Elon Musk Twitter Bitcoin Scam Earned 180K in One Day