A British citizen has been extradited to the US to face charges he oversaw a series of business email compromise attacks to steal over $2m from unwary accounts departments and individuals.
Habeeb Audu was indicted [PDF] in America on counts of bank and wire fraud, money laundering, conspiracy, and identity theft.
The 53-year-old, who operated under the alias Dickson, lived in London and also had Nigerian citizenship. He allegedly was part of a crew scattered around the globe. Its members were said to include: Dominic Labiran, who remains at large and was also based in the UK; Abdulai "Kenny" Saaka, who earlier pleaded guilty to a conspiracy to commit money laundering, operated out of Atlanta in the US; and Alade "Eluku" Sodiq, whose case still pending, lived in the United Arab Emirates. Another member of the group, who agreed to work with US law enforcement, was not named.
Individuals and companies said to have been scammed by the gang were scattered around the world, too, located in the US, Canada, the UK, Italy, and UAE. Audu's case is being heard in the Southern District of New York (Manhattan) where many of the defrauded banks are headquartered.
It is said the crew used combinations of stolen personal information, spoofed phone numbers, fake email accounts, and even voice-altering software to contact bank staff and con them into handing over control of accounts by posing as legit customers.
Rather than plunder big accounts via large wire transfers, this group allegedly went after after holders of personal checking accounts and small businesses. The operation was still said to be lucrative enough; it is claimed that from 2013 until 2019 when he was arrested, Audu and his team were able to pocket more than $2m in proceeds from preying on smaller targets with various types of scams.
Ex-Autonomy CFO Sushovan Hussain loses US appeal bid against fraud convictions and 5-year prison sentenceREAD MORE
For example, one alleged favorite trick of the group was to phone up a bank using a spoofed number and voice-altering software in order impersonate a customer. Once they had convinced the bank of their identity, the scammer would transfer money from the mark's savings account into checking, then ask for a new debit card to be sent to the scammer's address, it is claimed. This, it is alleged, allowed the group to easily drain the money from the victim's savings account via transfers or purchases.
That's not to say they didn't go after bigger targets on occasion, according to the Feds.
Other alleged schemes were more along the lines of traditional business email compromise (BEC) operations: calling up an organization masquerading as a legit supplier, and asking the business to update its bank records so that money destined for the supplier actually when into the scammers' accounts. The victim in one such scam – a restaurant in Ohio – was said to have been convinced to transfer more than $2m, though it is unclear how much of that was actually siphoned out of the account before the crime was uncovered, it is claimed.
The whole operation came tumbling down, it is said, when in 2019 another member of the crew agreed to work with US law enforcement. Under the oversight of police, that person convinced Audu and other members to agree to launder what they thought were the proceeds from another attack, but was in fact payment set up by the Feds to catch them in the act, it is claimed.
Audu was arrested by London cops on June 26 of that year, and only arrived in the US for trial on Monday. A date for his next hearing in the case was not given. ®