Nigerian National Pleads Guilty to $1.25 Million Business Email Compromise Scam Impacting U.S. Company
For Immediate Release
U.S. Attorney's Office, District of Columbia
Defendant Admits He Diverted Funds to Overseas Bank Accounts
WASHINGTON - Onwuchekwa Nnanna Kalu, 39, a Nigerian National from Rivers State, Nigeria, pleaded guilty today to stealing $1.25 million from an investment firm located in Boston, through a business email compromise (“BEC”) scam. The plea was announced by U.S. Attorney Matthew M. Graves and Acting Special Agent in Charge David Geist, of the FBI Washington Field Office's Criminal and Cyber Division.
Nnanna Kalu pleaded guilty in the District of Columbia to one count of wire fraud. U.S. District Court Judge Randolph D. Moss scheduled a sentencing hearing for November 29, 2023. Kalu was arrested in 2022 and has been detained by the Court as a risk of flight.
BEC scams typically involve a combination of computer intrusion techniques and social engineering in order to misdirect a transfer of funds into a bank account controlled by the fraudsters. According to court documents, Kalu and others conspired to enrich themselves through a BEC scheme that targeted an investment firm located in Massachusetts (Company A), which had invested in 42 companies located in North America, Europe, and Israel. Kalu and other conspirators gained access to the email account of an employee at Company A and, unbeknownst to the employee, the fraudsters installed malware on the employee’s computer that forwarded emails containing certain words like “invoice,” “fund,” “pay,” and “wire,” to an external email account controlled by the fraudsters. Kalu and others then created a spoofed domain name for Company A that differed by one letter, and sent spoofed emails, appearing to be from directors of Company A, to a financial services company located in London, England (Company B). Those spoofed appeals directed Company B to misdirect $1.25 million of wire transfers from Company A’s bank account to bank accounts outside of the U.S. controlled by conspirators. Once the fraudsters transferred the funds to financial institutions outside the U.S., the conspirators transferred some of those funds to bank accounts they controlled in Nigeria.
“Business email compromise schemes wreak havoc on companies, governments, and other institutions,” said Graves. “The best way to thwart a BEC scheme is due diligence. Check and double check the email address before responding with any information that could put you or your employer at risk. Once a breach is identified, we will do everything in our power to identify, arrest, and prosecute the perpetrators no matter where they hide.”
“Onwuchekwa Nnanna Kalu conspired to steal over $1 million from an investment firm through a business email compromise scheme,” said Acting Special Agent in Charge Geist. “This case should serve not only as a caution to businesses about the dangers of spoofed emails but also as a warning to cybercriminals about the FBI's dedication to prosecuting fraudsters — even those who operate overseas.”
In announcing the guilty plea, U.S. Attorney Graves commended the work of those who investigated the case from the Federal Bureau of Investigation, Washington Field Office. He also acknowledged the efforts of Assistant United States Attorney John W. Borchert who investigated and prosecuted the case.
Updated August 4, 2023
Press Release Number: 23-439