A man charged as part of a business email compromise money laundering scheme that allegedly defrauded victims out of $2 million over the course of at least six years is set to face a judge in U.S. court in the Southern District of New York.
The man, Habeeb Audu, who is a dual citizen of Nigeria and the U.K., was extradited from London last week for his alleged involvement in multiple money laundering and fraud scams, some of which leveraged information stolen during previous business email compromises, according to the U.S. Department of Justice.
Audu plans to “deny the charges and fight the case,” Audu’s attorney told CyberScoop in a phone call Monday.
One of the operations in which Audu was allegedly involved ran from 2013 to 2018. Audu and several co-conspirators duped banks into giving them access to victim bank accounts to steal money, according to the Justice Department.
They did so by using stolen personal information to deceive the banks into thinking they were legitimate account holders, according to court documents. They then supplemented those efforts with a phone number spoofing service and voice-altering technology to trick banks into thinking they were the legitimate account holders.
Business email compromise scams, in which hackers spoof email addresses, send malicious phishing emails, or imitate legitimate vendors, siphon significant amounts of money from victims annually. Last year, victims reported nearly $2 billion in losses to the FBI. The FBI has said this year it predicts business email compromise schemes will only grow amid the COVID-19 pandemic.
In this case, prosecutors say attackers used a voice-altering service, a tactic that scammers are increasingly latching onto throughout the world. Criminals have recently been using so-called “White SIMs” or “Russian SIMs” to manipulate their voices in real-time on fraudulent phone calls to better evade police, according to a Motherboard investigation.
Audu and the co-conspirators allegedly made thousands of calls like this from around the world, from locations ranging from the U.S., Canada, Italy, the U.K., and the United Arab Emirates. They would convince banks to send replacement credit cards to addresses they controlled, move victims’ money from savings to checking accounts so it was easier to access the money and falsely notify banks about international travel to distract banks from withdrawal activities.
“While today’s charges bring about a victory in this case, let it be a warning to the public to remain extra vigilant with respect to their personal and professional finances,” FBI Assistant Director William F. Sweeney Jr. said in a statement. “The market is unfortunately rife with this type of crime.”
To catch Audu in the act, law enforcement officers convinced an alleged co-conspirator, Alade Kazeem Sodiq, a citizen of the UAE, to cooperate. Law enforcement officials convinced Sodiq to ask Audu to conduct wire fraud and money laundering on his behalf.
Law enforcement officials also convinced Sodiq to record phone calls with Audu, according to the indictment. During these phone calls, Audu revealed he had also tricked an Ohio-based restaurant chain into wiring approximately $2 million to a bank account that he controlled between 2018 and 2019, according to the indictment. He imitated a legitimate vendor of the restaurant company in emails and intimated that the vendor had a new bank account where payments should be wired.
The case against Audu is just the latest in a spate of actions the U.S. government has made in an effort to take down the group working on this scheme. Audu is the fourth defendant charged in the case so far, according to the Department of Justice.
Another citizen of the U.K., Dominic Francis Labiran, allegedly involved in this scheme remains at large. Abdulai Kennedy Saaka, of Atlanta, Georgia, pleaded guilty to one count of money laundering conspiracy in January, according to the DOJ.
The case against Sodiq remains pending.
The superseding indictment is available in full below.