Many of our readers may know that we established CertifID after our founders were hit with a wire fraud in their title agency. Back in 2015, Lawrence Duthler and Tom Cronkright’s title agency, Sun Title, lost $180,000 when it was targeted by a Nigerian crime syndicate known as the “Black Axe”.
What you may not know is that, since then, Tom has played a part in the dismantling of the North American chapter of this group that stems out of West Africa. In October of this year, he testified in open court in a federal criminal trial against the organization’s second in command.
The court appearance was the end of a story involving multinational criminal gangs, billions of dollars in fraud attempts, a hit taken out on the lives of witnesses, and FBI protection.
The Black Axe: A Highly Organized, Violent, Criminal Organization
To get an idea of what Tom was up against, we must look at the group central to the scam – the Black Axe.
The Black Axe is an organized crime syndicate based in Nigeria. As well as its home base, the group has established “Black Axe Chapters” around the world, including in North America.
According to a report by CrowdStrike, the group takes part in a wide variety of crimes including prostitution, human trafficking, the drugs trade, and money laundering. It is also violent and reportedly often engages in deadly fights with other groups.
In North America, Black Axe is perhaps most well known as a significant source of cybercrime.
Black Axe and Business Email Compromise
Nigerian cybercrime first gained notoriety due to the “Nigerian prince needs you to wire him $1,000” scams from the early days of the internet. However, the group’s crimes are now much more complicated.
According to CrowdStrike, Black Axe currently favors Business Email Compromise (BEC). This a targeted type of fraud that attempts to trick an organization’s employees into wiring money to Black Axe controlled accounts.
It often involves hacking, a network of clone websites, and weeks of research while the criminals wait for the most opportune moment to strike.
When they do strike, the gang is ruthless. After the first payment is made, the fraudsters keep asking for more money until the target realizes what is going on.
By then it is usually too late.
The criminals know that to have the highest chance of keeping the money, they need to move it on as soon as possible. The money often travels through Hong Kong or other locations in China.
From there, the group transfers the funds to bank accounts around the world. The intricate trail makes it difficult for victims and law enforcement to recover the stolen assets.
The tactics used by the scammers are always changing. However, CrowdStrike noted that throughout 2017, many of the scams followed a similar pattern.
First, the scammers send a spear-phishing email to a member of the target organization. Either the email or a PDF attached to the email will contain a link to a webpage. On this page, the criminals attempt to steal login credentials for the victim’s email services.
Once the criminals have control of an email account, they can access it at will. They use this access to find sensitive information and to compromise other accounts.
Once the hackers have enough data to run the scam convincingly, they send emails to victims from the hacked accounts asking for payments to Black Axe controlled bank accounts.
After losing $180,000 in 2015, Tom set out to get his money back. He and his business partner were relatively lucky; they managed to retrieve $140,000.
His experiences also lead him to testify against the number two leader of the North American division of Black Axe – Okechukwu “Desmond” Amadi.
The charges against the various members of Black Axe include stealing millions from women who were defrauded in online romance scams. They were also accused of wire fraud totaling over $10 million.
In a trial against a professional money launderer that assisted the Black Axe in opening bank accounts and “muling” millions of illegally obtained funds, the defendant took out a hit on several witnesses. This caused her to receive an additional 66 years on her sentence.
It also meant that Tom required FBI protection so he could safely travel to the courthouse to testify in open court.
Protect Yourself from Wire Fraud
The time following the scam was draining, frustrating and at times frightening – experiences that Tom said he would not wish the experience on anyone.
Because of this, we believe it is crucial organizations make cybersecurity a priority. It may seem like a lot of effort is needed to put procedures in place However, it is nothing compared to what is required should you fall victim to wire fraud.
Here are three quick actions you can take to protect your business.
Educate Yourself, Your Staff, and Your Customers
You should keep yourself and your employees in the know about the types of wire fraud and signals to look out for. Additionally, if your customers wire money, ensure they are also aware of the signs of fraud.
If you want to stay up-to-date with the latest trends in the fight against wire fraud, then be sure to sign up to our new newsletter (let me know the link for this).
The next step is adding two-factor authentication to all your accounts.
If you do this, hackers can’t access your accounts with just a username and password. They will also need the extra information provided by two-factor authentication.
This makes it difficult for criminals to gain access to the data required to make a scam convincing.
Authorize Your Wire Transfers
You should have a process in place to authorize every wire transfer made by your business. One way you can do this is to get confirmation over the phone whenever you send money. Or, you could use CertifID to verify that everyone involved in the wire transfer is who they say they are.
By doing this, you can reduce your chances of becoming a victim of fraud. Even if a criminal manages to give you or a customer the wrong bank details.
We know from experience how damaging it can be to fall victim to wire fraud. However, by taking steps now — such as the ones above — you reduce the chances of it happening to your organization.