In one case, a target was conned into paying out US$15.4m. The network compromised email accounts of small to medium businesses around the world.
Mike ran a network of at least 40 people working from Nigeria, Malaysia and South Africa, which used malware and carried out the fraud, and he also had money laundering contacts in China, Europe and the US who provided bank account details for the illicit cash flow.
The main two types of scam run by the 40-year-old targeted businesses were payment diversion fraud – where a supplier’s email would be compromised and fake messages would then be sent to the buyer with instructions for payment to a bank account under the criminal’s control – and ‘CEO fraud’.
In CEO fraud, the email account of a high-level executive is compromised and a request for a wire transfer is sent to another employee who has been identified as responsible for handling these requests. The money is then paid into a designated bank account held by the criminal.
Mike’ first came onto the law enforcement radar through a report provided to INTERPOL by Trend Micro, one of its strategic partners at the INTERPOL Global Complex for Innovation (IGCI) in Singapore. .
This, combined with actionable analysis and intelligence from Fortinet Fortiguard Labs in 2015, enabled specialists at the INTERPOL Digital Crime Centre, including experts from Cyber Defense Institute based at the IGCI, to locate the suspect in Nigeria, resulting in his arrest in June.
The 40-year-old, along with a 38-year-old also arrested by Nigerian authorities, faces charges including hacking, conspiracy and obtaining money under false pretences. Both are currently on administrative bail as the investigation continues.