Massive BEC Scheme Run by Nigerian National Dismantled by FBI


A Nigerian national faces charges in the United States
emanating from various cybercrime schemes that included business email
compromise (BEC) frauds and a number of other alleged infractions.

Ramon Olorunwa Abbas, 37, a.k.a. “Ray
Hushpuppi” and “Hush,” is a Nigerian national and Dubai resident
accused of involvement in a few major BEC schemes that affected a U.S. law
firm, a foreign bank and an English Premier League soccer club.

In BEC attacks, bad actors use real credentials for
legitimate emails and trick third parties into making wire transfers. In many
cases, communications come from high up the hierarchical ladder, and employees
skip the usual security measures.

Abbas was arrested in the United Arab Emirates, with the
FBI’s help, and now faces charges after being expelled to The United States.

“The affidavit alleges that Abbas and others
committed a BEC scheme that defrauded a client of a New York-based law firm out
of approximately $922,857 in October 2019,” states
the press release from the Department of Defense.

“Abbas and co-conspirators allegedly tricked one of
the law firm’s paralegals into wiring money intended for the client’s real
estate refinancing to a bank account that was controlled by Abbas and the
co-conspirators.”

Abbas is also accused of conspiring to launder funds
stolen in a $14.7 million cyber-heist from a foreign financial institution in
February 2019. He was also targeting an English Premier League soccer club to
steal $124 million.

The prosecutors say that, if convicted of conspiracy to
engage in money laundering, Abbas would face a statutory maximum sentence of 20
years in federal prison.

BEC schemes are one of the most damaging cybercrimes, and
one reason is that criminals don’t need much technical expertise to pull it
off. It’s a lot different from breaching corporate infrastructure, for example.