When employees get an email from their CEO asking them to do something, chances are they will do it — fairly quickly and with no questions asked.
Amechi Colvis Amuegbunam counted on it. And he was right.
Employees wired company money to where Amuegbunam told them — most often foreign banks. He pulled it off by cleverly creating email accounts that made it appear as if he were a company executive, authorities said.
A federal judge sentenced him last week to 46 months in federal prison for duping more than 10 victims out of about $3.7 million.
He had faced up to 30 years in prison if convicted by a jury. Amuegbunam’s lawyer said in court documents that his client had no prior criminal record and was not a danger to society.
U.S. District Judge Ed Kinkeade also ordered Amuegbunam to pay $615,555 in restitution for his use of the latest cyberattack known as a “business email compromise” scheme. It’s become the crime of choice for some organized crime groups from Africa, Eastern Europe and the Middle East, the FBI says.
Amuegbunam, 30, of Nigeria, was living in the U.S. on a student visa at the time, court records show.
He sent emails that looked like forwarded messages from top company executives to employees who had the authority to wire money. Amuegbunam tricked the employees into wiring him money by transposing a couple of letters in the actual company email, authorities said.
Ezekiel “Zeke” Tyson, his attorney, said he was pleased with the sentence his client received.
“Mr. Amuegbunam has grown tremendously as a person and as a man throughout the process of this criminal case,” Tyson said. “He is absolutely one of the most intelligent and creative individuals I have ever represented.”
Tyson said his client will be deported back to Nigeria after serving his sentence, where he plans to become a farmer and produce organic pesticides.
“I expect once he puts his intelligence, creativity, and drive towards legitimate enterprises, he will have a very positive future,” Tyson said. “Mr. Amuegbunam also plans to do his best to repay the restitution he owes to the victim companies.”
Amuegbunam pleaded guilty in March to one count of conspiracy to commit wire fraud. He has been in custody since his arrest in Baltimore in August 2015.
The FBI issued an alert last year about the scam, saying it is “more sophisticated than any similar scam the FBI has seen before.” As of last year, more than 7,000 U.S. businesses had lost about $740 million from the scheme, the bureau said.
Investigators learned about Amuegbunam’s trickery in 2013 when two North Texas companies fell victim, court documents say.
In the case of Luminant Corp., an electric utility company in Dallas, an employee with the authority to wire money received an email from someone who appeared to be a company executive, a federal complaint said.
But the email domain name had two letters transposed. For example, someone created the email with a domain name of lumniant.com.
The duped employee wired $98,550 to a bank account in London.