The Spokesperson of PSFU, SP Eyitayo Johnson, said in a statement on Monday that the suspects were arrested for conspiracy, cyber fraud/Business Email Compromise, Criminal Conversion and Stealing.
He said that the arrests followed a petition addressed to the Commissioner of Police, PSFU by the Law Firm of Athan Ogbulie & Co. alleging diversion of the aforesaid sum during the Inter-Bank wire transfer of the funds.
“The suspect and members of the syndicate targeted and compromised the email accounts of businesses that frequently make wire payments and waited for the right time to substitute the original account that should receive the money.
“According to the suspect, the hack which happened in February 2022 was achieved by spoofing on the victim company’s email account/website.
“Which makes it possible to carry out slight variations to the legitimate email address of the company in order to fool the victim into thinking the fake accounts are authentic.
“Spear phishing emails were also sent to the company to gain access to company accounts, calendars and data.”
“Some of the money which was diverted into accounts belonging to the suspect, his wife and daughter has been recovered as an exhibit.
“While effort is on to locate the rest of the funds and other members of the syndicate.
“Part of the money was also discovered to have been withdrawn via Point-of-Sale (POS)and Automated Teller Machine (ATM) at different locations.
“The suspects will be charged to court as soon as the investigation is concluded.”
Johnson said that the Commissioner of Police, PSFU, CP Anyasinti Josephine, has advised individuals and businesses to take note of some precautions in order to mitigate against Business Email Compromise (BEC).
“Be careful of information shared online (such as pet names, birthday, don’t click on anything in an unsolicited email/sms asking you to update or verify account information.
“Carefully examine the email address, URL, and spelling used in any correspondence; set up two factors (or multi-factor) authentication on any account that allows it.
“Be careful what you download. Never open an email attachment from someone you don’t know.
“Verify payment and purchase requests in person, if possible, or by calling the person to make sure it is legitimate,” he said.