Quality Management System
Emmanuel Mmaduike and Olawale Kashimawo ran scams from southeast London. They somehow obtained thousands of business email addresses and passwords and changed the payment details from legitimate companies to themselves.
This type of attack is officially known as “Business Email Compromise”. BEC involves a person pretending to be a senior executive member of the company who then convinces the victim to change the destination of a payment in to their account. A report from Cisco in 2017 cites cyber criminals making £3.9bn from BEC in a three year period.
Mmaduikerole accessed the email accounts and changed invoices that rerouted payments to a different bank. Kashimawo ran the bank accounts. They were eventually caught and sentenced to six years in prison.
The head of investigations at the National Cyber Crime Unit said “UK businesses should exercise caution when authorising significant transactions - particularly if there is a last-minute change of account details. If in doubt, speak to the intended recipient of the funds on the phone prior to making a large payment. Keep passwords safe and do not use the same passwords for multiple online accounts. We are continuing to tackle business email fraud and money laundering. It is imperative victims report such compromises as soon as possible and retains all evidence”.