Obinna Obioha, a Nigerian citizen has recently pleaded guilty in federal court to hacking into the computers of American businesses around the country and stealing information that enabled him to scam the companies out of an estimated 6.5 million dollars.
While in Nigeria, Obioha used phishing emails to hack into the computers of companies around the world including the United States.  Through his monitoring of the email accounts of employees of the targeted companies, Obioha was able to recognize when commercial transactions were about to occur, at which time he would then send an email to the company from an email address just slightly different from that of a company with which his targeted company did business.  Posing as a regular business partner of his targeted company, the phony email would be used to send a phony invoice and instructions to wire the payment funds to bank accounts controlled by Obioha and his cohorts.  Obioha admitted successfully perpetrating this scam at least fifty times between January and September of 2016.  Obioha was arrested after flying to New York from Nigeria in October of 2016 and has been in custody since then.  He is now awaiting sentencing.
Companies large and small are increasingly falling for this scam.  In order to avoid this scam, companies should be particularly wary of requests for wire transfers made by email. Wire transfers are the preferred method of payment of scammers because of the impossibility of getting the money back once it has been sent.  Verification protocols for wire transfers and other bill payments should be instituted including, dual factor authentication when appropriate.  Companies should also consider the amount of information that is available about them and their employees that can be used by scammers to perpetrate this crime.  They also should have strict rules regarding company information included on employee social media accounts that can be exploited for “spear phishing” emails which play a large part in this scam. Finally, employees should be specifically educated about this scam in order to be on the lookout for it.