Virginia Commonwealth University (VCU) had $469,819.49 stolen in an alleged Nigerian email scam, according to a Department of Justice court document and an FBI Richmond press release that announced the extradition to the U.S. of three Nigerian nationals alleged to have participated in a multimillion-dollar fraud scheme that also targeted a North Carolina university, a Texas college, local Texas governments, and Texas construction companies.
The FBI described similar methods in each case, including the scheme against VCU: fraudsters allegedly created email addresses similar to legitimate companies and used them to deceive employees at targeted institutions.
“On September 26, 2018, an individual using the name ‘Rachel Moore’ contacted an employee in VCU’s procurement department using the email address [email protected] As detailed further below, the domain name associated with [email protected] is purposefully very similar to the actual email domain name for Kjellstrom and Lee, Inc., which is a large construction company located in Richmond, Virginia, and which has completed construction projects for multiple universities including VCU,” a DOJ affadavit states.
“‘Rachel Moore’ advised the procurement department employee that the bank account on file for receiving payments was currently being audited and inquired if the next payment could be sent to another bank account. From October 4, 2018, through December 10, 2018, ‘Rachel Moore’ repeatedly emailed back and forth with the VCU employee, using a variety of social engineering techniques that convinced the VCU employee that the sender worked for the accounting department at Kjellstrom and Lee,” the affadavit states.
VCU eventually transferred the money, which was quickly laundered and sent out of the country, according to the FBI. United Kingdom authorities arrested the three defendants on April 23, 2020, and they were ordered to be extradited in 2021. The U.K. High Court rejected those appeals in July.
A VCU spokesperson said in a statement, “Through insurance, VCU recovered a significant amount of the funds. Additional safeguards were put in place to protect against this type of fraud.”
The FBI calls the email scams “business email compromise fraud schemes” (BEC) and warns that individuals including the elderly, real estate purchasers, and others can also be victims.
“This is often accomplished by impersonating a key employee or business partner after obtaining access to that person’s email account or sometimes done through romance and lottery scams. BEC scams may involve fraudulent requests for checks rather than wire transfers; they may target sensitive information such as personally identifiable information (PII) or employee tax records instead of, or in addition to, money; and they may not involve an actual ‘compromise’ of an email account or computer network,” the FBI press release states.
– – –