Two men involved in a business email compromise (BEC) fraud campaign have been charged with numerous crimes. Christian Akhatsegbe of Atlanta, Georgia was charged with aggravated identity theft, access device fraud, and conspiracy to commit wire and computer fraud. Emmanuel Aiye Akhatsegbe, who was living in Lagos, Nigeria, was also charged. Phishing emails were sent out by the men aiming to gain access to targeted companies’ employee email accounts. The men would then use the compromised accounts to send fake invoices to other people within the company. The invoices looked legitimate and were made to resemble one that would come from a vendor the victim worked with. Over the course of a month in 2019, the men were able to acquire over $1 million USD in stolen funds. “This case is an example of our persistent determination to hold criminals accountable no matter how sophisticated their cyber fraud or their geographic location,” said Chris Hacker, special agent in charge of FBI Atlanta. The men will face trial in the coming months.
Sentences and fines for cybercrimes have been steadily increasing over the years. If convicted, these men will both potentially face a substantial amount of time in prison. As for organizations that may be targeted by similar attacks, it is important to train employees on how to verify the legitimacy of emails and their senders, especially when large sums of money are involved. If an employee is unsure, it is always better to ask than end up paying a threat actor.