Full Report
Abiola Kayode, a 37-year-old Nigerian national, has been extradited from Ghana to the United States to face charges of conspiracy to commit wire fraud. Kayode, who was on the FBI’s Most Wanted cybercriminal list, is charged with participating in a business email compromise (BEC) scheme and romance fraud from January 2015 to September 2016, defrauding […] The post Notorious Nigerian cybercriminal tied to BEC scams extradited to U.S. appeared first on CyberScoop.
Analysis Summary
# Threat Actor: Abiola Kayode (and associated BEC Syndicate)
## Attribution & Identity
* **Name Identified:** Abiola Kayode (37-year-old Nigerian national).
* **Status:** Extradited from Ghana to the U.S. and on the FBI’s Most Wanted cybercriminal list.
* **Associated Groups:** Part of a broader network of cybercriminals (including Adewale Aniyeloye, Pelumi Fawehinimi, Onome Ijomone, and Alex Ogunshakin) involved in large-scale BEC and romance fraud schemes.
* **Official Recognition:** Sanctioned by the U.S. Treasury Department in 2020 along with five others.
## Activity Summary
* **Campaign/Activity:** Participation in a large-scale Business Email Compromise (BEC) scheme coupled with romance fraud, spanning from January 2015 to September 2016.
* **Scale:** Defrauded businesses of over $6 million.
* **Related Activity:** The DOJ is actively targeting high-profile BEC scams; another Nigerian national, Okechuckwu Valentine Osuji, was recently sentenced for a similar BEC scheme.
## Tactics, Techniques & Procedures
* **Business Email Compromise (BEC):** Impersonating high-level executives to direct company employees to execute fraudulent wire transfers.
* **Fraudulent Diversion:** Diverting fraudulently obtained funds into bank accounts controlled by Kayode and co-conspirators, many of which were allegedly linked to victims of romance scams.
* **Geographic Movement:** Co-conspirators operated the scheme from multiple countries, including the United States.
## Targeting
* **Sectors:** Businesses (general designation, implied financial departments due to wire fraud).
* **Geography:** Based out of Nigeria (extradited from Ghana).
* **Victims:** Businesses targeted for wire fund diversion, and potentially individuals targeted through romance scams to acquire mule accounts.
## Tools & Infrastructure
* **Malware Families Used:** Not explicitly mentioned in the summary.
* **Infrastructure (C2, domains, IPs):** Not explicitly detailed, though the operation required bank accounts to receive diverted funds, some linked to romance scam victims.
## Implications
* **High Financial Impact:** These BEC schemes represent a significant, ongoing financial threat, with FinCEN reporting billions in attempted losses since 2016.
* **International Cooperation Success:** The extradition highlights successful multinational law enforcement cooperation (involving the DOJ Office of International Affairs and the FBI) in prosecuting high-value cybercriminals.
## Mitigations
* **Strengthen BEC Defenses:** Implement robust verification protocols for executive-level wire transfer requests, especially those received via email.
* **Monitor Financial Flows:** Scrutinize unusual fund transfers, particularly those being routed through accounts potentially associated with romance scams or known money mules.
* **Insider Awareness:** Train employees on recognizing social engineering tactics used by BEC actors impersonating executives.