Scammer robs homebuyers of life savings in $20 million theft spree

A 33-year-old Nigerian man living in the UK and his co-conspirators defrauded over 400 would-be home buyers in the US.

In the initial phase, Babatunde Francis Ayeni and his criminal gang targeted US title companies, real estate agents, and real estate attorneys. Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites. The entered information went straight to the phishers and allowed the criminals to monitor the emails of those employees.

As soon as the scammers spotted an email where someone was asked to make a payment as part of a real estate transaction, they would change the wiring instructions and let the victims deposit their payments into bank accounts associated with the criminals instead of the legitimate real estate transaction.

Some 400 people fell victim to this sophisticated business email compromise (BEC) scheme. 231 of these victims were unable to reverse the wire transactions in time and lost their entire transaction—often their life savings.

The total losses amount to nearly $20 million. To cover their tracks, the gang would buy Bitcoin with the stolen funds and divide it over three different addresses.

Last year, the FBI warned BEC focused on the real estate sector was on the rise.

“From calendar years 2020 to 2022, there was a 27% increase in victim reports to the Internet Crime Complaint Center (IC3) of BECs with a real estate nexus. In this same time frame, there was a 72% increase in victim loss of BECs with a real estate nexus.”

Ayeni was sentenced to ten years in federal prison for his role in the massive cyber fraud conspiracy.

During the multi-day sentencing hearing, numerous victims provided victim impact statements about how the crime affected them. They noted that in addition to losing all of the money they saved for the purchase of a new home, they felt significant shame, despair, and depression due to being victimized the way they were.

United States Attorney Sean P. Costello said:

“Cyber-enabled crimes can cause substantial and lasting harm to victims in an instant. Criminals across the world may believe that they are causing no harm to their victims and that they are safe behind their keyboards, but this case proves otherwise. With our law enforcement partners, we will continue to aggressively investigate, pursue, and hold accountable the crooks who perpetrate frauds online, wherever they are.”

Better to double-check

When transferring large sums of money, it’s advisable to double check whether the account details mentioned in any email correspond with those of the expected receiver of the funds.

  • Use trusted contact information: always verify account details using contact information from a trusted source, and check whether it matches the information provided in the suspicious email or invoice.
  • Call the company directly: Use a known, verified phone number to call the company and confirm any changes to payment instructions or account details.
  • Use secure verification methods: If available, use secure portals or platforms provided by legitimate vendors to verify account information.
  • If possible, follow up whether the payment came through at the legitimate receiver’s end while you still have the option to reverse the transaction.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.