A Nigerian identified as Charles Onus has been arrested by the Federal Bureau of Investigation (FBI) for his alleged involvement in diverting $800,000 into prepaid debit cards, barely a month after Abidemi Rufai, an aide to Governor Dapo Abiodun of Ogun state was arrested for fraud in the United States.
The United State Department of Justice in a statement shared on its website, said Mr Onus was arrested and detained on April 14 in San Francisco.
The suspect who is accused of hacking over 5,500 company user accounts, was arraigned before the Manhattan federal court on Wednesday June 2.
He is said to have allegedly participated in the scheme between July 2017 through about 2020, obtaining over 5,500 company user accounts through a cyber-intrusion technique referred to as “credential stuffing.”
The statement read;
“As alleged, Onus did this as effectively as someone who commits bank burglary, but with no need for a blowtorch or bolt-cutters. Thanks to the FBI and IRS-CI, Onus is in custody and facing serious federal charges.
“During a credential stuffing attack, a cyber threat actor collects stolen credentials, or username and password pairs, obtained from other large-scale data breaches of other companies. The threat actor then systematically attempts to use those stolen credentials to obtain unauthorized access to accounts held by the same user with other companies and providers, to compromise accounts where the user has maintained the same password.
“After Onus successfully gained unauthorised access to a company user account, he changed the bank account information designated by the user of the account so that Onus would receive the user’s payroll to a prepaid debit card that was under Onus’ control.
“From at least in or about July 2017 through at least in or about 2020, at least approximately 5,500 company user accounts were compromised and more than approximately $800,000 in payroll funds were fraudulently diverted to prepaid debit cards, including those under the control of Onus.”
The 34-year-old Nigerian national has now been charged with “one count of computer fraud for causing damage to a protected computer” which carries a maximum sentence of 10 years in prison.
The statement added;
“One count of computer fraud for unauthorised access to a protected computer to further intended fraud, and one count of receipt of stolen money, each of which carries a maximum sentence of five years in prison; one count of wire fraud, which carries a maximum sentence of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory sentence of two years in prison to be served consecutively to any other sentence imposed.”