Wael Khalill alfuzai/Shutterstock (Licensed)
The Nigerian email scam is more dangerous than ever.
It turns out people really do fall for the ridiculous email scams that occasionally find their way into our inbox. A Nigerian man was sentenced to three years and five months in prison for taking part in an email scheme to defraud thousands of people of millions of dollars.
David Chukwuneke Adindu, 30, pleaded guilty to tricking people into sending $25 million to bank accounts he opened in China and Hong Kong in 2016.
Yes, that’s right, this is a legitimate Nigerian email scam. While swindling money is no laughing matter, the irony here is too rich to dismiss. If you’re not familiar, a “Nigerian Prince” email scam is an infamous tactic used to fool people into sending money. It can take on many forms, but the scam typically works by asking email recipients to donate money to a Nigerian government official who was unjustly jailed. When you help them escape, they will, naturally, pay you back for your good deed with riches. The scheme is so far-fetched it has become somewhat of a running joke within the cybersecurity community. While the scam is used in other nations, the especially comical Nigerian variant is the most commonly referenced.
It appears the Nigerian email scam is evolving into something more complicated and concerningly effective. In this incident, the scammers targeted an unnamed New York investment firm posing as another firm that was requesting a wire transfer of $25,200. The employer sent the full amount but later recognized the scheme and stopped short of sending a second $75,100 transfer. This is an example of what’s called a “business email compromise,” where scammers pose as executives or suppliers of businesses—more believable characters than a prince that has fallen on hard times.
Since October 2013, the FBI has reportedly received 22,143 complaints from U.S. and foreign victims regarding business email scams where criminals requested more than $3 billion in funds. Considering the countless cybersecurity breaches we’ve seen in the past 12 months, it’s no surprise that even the least plausible threat can have devastating effects.