In a striking example of international cybercrime, the Federal Bureau of Investigation (FBI) has unveiled the details of a sophisticated scam orchestrated by Farouk Adekunle Adepoju, a Nigerian citizen residing in the United Kingdom. Adepoju, often referred to simply as Adekunle in media reports, faces federal charges in the United States for allegedly hacking into a construction company’s systems and diverting payments from a Western Pennsylvania university, resulting in the theft of approximately $235,266.80.
The funds, intended for legitimate construction work, have not been recovered, highlighting the persistent threat of business email compromise (BEC) schemes.
The case, investigated by the FBI’s Pittsburgh Field Office, underscores the global reach of cybercriminals and the collaborative efforts required to bring them to justice. Adepoju was arrested in the UK on September 15, 2025, following a U.S. extradition request, and is currently awaiting transfer to face trial in the Western District of Pennsylvania.
The Scam: A Step-by-Step Breakdown
According to the unsealed indictment, the fraudulent activities took place between March and April 2023. Adepoju employed a multi-layered approach that combined unauthorized computer access with social engineering tactics to impersonate legitimate parties and redirect funds. Here’s how the scheme unfolded:
Unauthorized Remote Access: Adepoju gained remote access to a protected computer system belonging to a Pennsylvania-based construction company that was performing work for the unnamed university. This initial breach allowed him to infiltrate the company’s internal network without detection.
Manipulation of Email Rules: Once inside, Adepoju altered email rules within the account of a construction company employee. These changes likely helped him intercept or redirect communications, setting the stage for further deception.
Creation of Spoofed Identities: Adepoju registered a spoofed domain and email account designed to mimic those of the construction company. This allowed him to impersonate another employee, making his communications appear authentic to the university’s staff.
Fraudulent Payment Requests: Using the spoofed email, Adepoju sent targeted messages to university employees responsible for financial transactions. The emails requested an update to the construction company’s payment information, directing future disbursements to a fraudulent bank account under his control.
Execution and Theft: Believing the requests to be legitimate, the university updated the payment details and transferred $235,266.80 to the specified account. The money was siphoned off, leaving the construction company unpaid and the university out of pocket.
This method is a classic BEC scam, where attackers exploit trust in email communications to manipulate financial processes. The indictment charges Adepoju with six counts of wire fraud, each carrying a potential maximum sentence of 20 years in prison, and one count of computer fraud, which could add up to five years.
Sentences would ultimately be determined by federal guidelines, considering the offense’s severity and any prior criminal history.
FBI’s Investigation and Global Pursuit
The FBI’s Pittsburgh Field Office led the probe, tracing the digital footprints back to Adepoju in the UK. Evidence, including the spoofed domain registrations and bank account trails, pointed unequivocally to his involvement.
FBI Special Agent in Charge Kevin Rojek emphasized the agency’s commitment: “Criminals who engage in schemes like this should know that the FBI and our law enforcement partners will pursue them across the globe.”
Acting U.S. Attorney Troy Rivetti praised the international cooperation, noting, “Thanks to the FBI’s investigation and our partnerships with law enforcement abroad, we were able to reach this defendant despite his location in another country.”
The Department of Justice’s Office of International Affairs played a key role in facilitating the extradition process.
The indictment was unsealed shortly after Adepoju’s arrest, bringing the case into the public eye and serving as a warning to potential cybercriminals. Assistant U.S. Attorney Mark V. Gurzo is prosecuting the case.
This incident is part of a larger trend of BEC scams, which the FBI reports cause billions in losses annually to businesses, universities, and organizations worldwide.
Universities, with their complex vendor relationships and large budgets, are particularly vulnerable. Experts recommend verifying payment changes through independent channels, such as phone calls to confirmed contacts, and implementing multi-factor authentication on email systems to prevent such breaches.
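For accounts-payable teams, the spoofed-domain step and the independent-verification advice above can be combined into a mail triage check. The sketch below is an added example, not taken from the indictment or any FBI tooling; the vendor domain, verdict names and sample messages are constructed, and it assumes single-part plain-text mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist of real vendor domains (hypothetical, not from the article).
VENDOR_DOMAINS = {"acme-construction.example"}
PAYMENT_CHANGE = re.compile(
    r"\b(update|change|new|revised)\b.{0,60}\b(bank|payment|remittance|account)\b",
    re.IGNORECASE | re.DOTALL)

def edit_distance(a, b):
    """Levenshtein distance using one rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the vendor domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in VENDOR_DOMAINS:
        return None
    return next((d for d in VENDOR_DOMAINS if edit_distance(domain, d) <= 2), None)

def triage(raw):
    """Classify one single-part text message as (verdict, imitated_domain)."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    # Check From and Reply-To: replies can be steered to a lookalike mailbox.
    for header in ("From", "Reply-To"):
        domain = parseaddr(msg.get(header, ""))[1].rpartition("@")[2]
        imitated = lookalike_of(domain) if domain else None
        if imitated:
            return ("block_and_report", imitated)
    if PAYMENT_CHANGE.search(text):
        # Even a genuine sender may be a compromised mailbox: confirm by phone.
        return ("verify_out_of_band", None)
    return ("deliver", None)

# Constructed sample messages.
SPOOFED = ("From: Pat Doe <pat.doe@acme-constructlon.example>\nSubject: Invoice 1042\n\n"
           "Please update our bank details for all future payments.")
GENUINE = ("From: Pat Doe <pat.doe@acme-construction.example>\nSubject: Invoice 1042\n\n"
           "We have a new remittance account starting next month.")
ROUTINE = ("From: Pat Doe <pat.doe@acme-construction.example>\nSubject: Schedule\n\n"
           "Site inspection is set for Tuesday.")

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE, ROUTINE):
        print(triage(sample))
```

A payment-change request from the genuine domain is still held for out-of-band confirmation, because a mailbox with altered rules can send from the real address.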
Adepoju is presumed innocent until proven guilty, as the charges remain allegations at this stage. If extradited and convicted, his case could set a precedent for handling cross-border cybercrimes, demonstrating that geographic distance offers no shield from U.S. law enforcement.
As cyber threats evolve, the FBI continues to urge vigilance and reporting of suspicious activities to mitigate these risks. For more information on protecting against BEC scams, visit the FBI’s official resources.