A Nigerian citizen identified as Olusegun Samson Adejorin has been arrested in Ghana for his alleged involvement in a Business Email Compromise (BEC) fraud worth $7.5 million.

Adejorin’s indictment was announced by the United States (US) Attorney for the District of Maryland, Erek L. Barron and Acting Special Agent in Charge, R. Joseph Rothrock of the Federal Bureau of Investigation, Baltimore Field Office.

“An eight-count federal grand jury indictment was unsealed today charging Olusegun Samson Adejorin, of Nigeria, for wire fraud, aggravated identity theft, and unauthorized access to a protected computer related to a $7.5 million scheme to defraud two charitable organizations by impersonating employees, and gaining access to the employees’ email accounts,” the statement read.

“Adejorin was arrested in Ghana on December 29, 2023 and is detained pending his initial appearance in Ghana.

“According to the eight-count indictment, between June and August 2020, Adejorin perpetrated a scheme to defraud Victim 1, a charitable organization located in North Bethesda, Maryland and Victim 2, a charitable organization located in New York, New York by gaining access to employee email accounts and impersonating employees to induce financial transactions.

“The indictment alleges that Adejorin posed as an employee of Victim 2 to request withdrawals of Victim 2’s funds from Victim 1, a charitable organization that provided investment services to Victim 2.

“Withdrawals over $10,000 required approval from at least one of several individuals authorized by Victim 1.”

According to the indictment, Adejorin fraudulently obtained the credentials of employees at Victim 1 and Victim 2 and posed as those employees to send emails from their accounts, including emails making fraudulent requests for the withdrawal of investment funds.”

It added that as part of the scheme, Adejorin also allegedly purchased a credential harvesting tool designed to steal email login credentials and registered spoofed domain names.

The suspect also concealed the fraudulent emails from a legitimate employee by causing the fraudulent emails to be moved to an inconspicuous location within Employee 1’s mailbox.

According to the indictment, Adejorin as part of the scheme caused more than $7.5m of Victim 2’s funds to be sent, pursuant to fraudulent withdrawal requests, from Victim 1 to bank accounts that were not Victim 2’s bank accounts.

If convicted, Adejorin faces a maximum sentence of 20 years in federal prison for each of five counts of wire fraud as stipulated by the US authorities.

He also faces a maximum of five years in federal prison for unauthorized access to a protected computer.

The suspect is also facing a mandatory sentence of two years in federal prison, consecutive to any other sentence imposed, for each of the two counts of aggravated identity theft.

The maximum penalty for two of the wire fraud counts could be increased by seven years for knowingly falsely registering and using a domain name.