Philstar.com
January 21, 2022 | 1:28pm
MANILA, Philippines (Update 1, 3:25 p.m.) — The National Bureau of Investigation on Friday said agents have arrested five people tagged in a massive online banking fraud that affected more than 700 clients of BDO Unibank Inc.
The NBI said they arrested two Nigerian nationals and three Filipinos who are involved in the hacking of BDO accounts where clients reported unauthorized transfer of money from their accounts.
In a statement, the NBI identified the arrested as:
- Ifesinachi Fountain Anaekwe, alias Daddy Champ
- Chukwuemeka Peter Nwadi
- Jherom Anthony Taupa
- Ronelyn Panaligan
- Clay Revillosa
Nigerian nationals Anaekwe and Nwadi underwent inquest proceedings before the Department of Justice for Trafficking in Unauthorized Access Devices under Section 9 of Republic Act 8484 or the Access Devices Regulation Act of 1998.
Taupa meanwhile is facing complaint for Misuse of Devices under Section 4(a)(5)(i)(aa) of RA 10175 or Cybercrime Prevention Act of 2012.
BDO account holders in mid-December reported unauthorized transactions involving tens of thousands of pesos. In a virtual press conference, NBI Cybercrime Division chief Vic Lorenzo said the scam started from phishing, which eventually led to the accounts of clients being compromised.
Lorenzo, however, said the suspects were not able to cash in the money they siphoned out of the accounts they hacked as their transactions were flagged by the receiving bank.
“They sent out phishing emails… they were able to generate the OTP so they were able to bypass that,” Lorenzo explained in a mix of English and Filipino.
Access to options for cashing out funds
The NBI CCD conducted a series of operations to arrest the five members of the group. These were launched after an informant disclosed to the bureau details regarding several individuals believed to be leaders, members, or affiliates of Mark Nagoyo Group — named after the account that reportedly made the illegal money transfers.
According to NBI. the informant said the suspects provide access to “anyone looking for options to cash out funds fraudulently obtained.” The ranges from bank accounts, cryptocurrency wallets to point-of-sale terminals of legitimate merchants.
The informant also said he received a call from a certain “Mark Froilan” who later contacted Anaekwe, through his alias. The Nigerian suspect said he will provide the informant three different accounts for the transfer P10 million each “apparently referring to the funds from BDO alluded to by Mark Froilan.”
Anaekwe and Nwadi were caught in the act offering accounts for sale on January 18 in Mabalacat, Pampanga, NBI added.
Phishing website
NBI agents arrested subject Taupa on the same day in Floridablanca, Pampanga “for selling ‘scampage’ or phishing website.”
The bureau said another informant identified Taupa as one of the masterminds in the “Mark Nagoyo” scam who was selling scampages that imitate the looks of popular e-wallet app Gcash.
“Accordingly, Taupa modified the code in order to gather the log in details of unwitting victims who would access the scampage in the mistaken belief that they were opening Gcash’s official portal,” the NBI said.
It added that the owner of the phishing website would then be able to get into the victim’s Gcash accounts to steal funds from the said e-wallet.
In a statement, GCash said it cooperated with authorities to bring the suspects behind bars, adding that its platform “retains its integrity and is secure.”
“It employs up-to-date security technologies and global best practices applied on its system and its app, assuring customers of safe transactions. GCash would also like to clarify that it is not party to incidents from other financial institutions,” the company said.
The NBI launched the buy-bust operation after Taupa and the informant agreed on P2,000 as payment in cash for the phishing website.
Taupa also admitted to selling Gcash scampages stored in his computer, the NBI added.
“Further investigation revealed that subject [Taupa] is involved in a group heist, being the one sending the emailing list containing personal details of various bank customers to a group of individuals responsible for sending email to the former. The said email contains a link which when clicked, will be used for the hacking process of the heist group,” it added.
A separate operation yielded the arrest of Panaligan and Revillosa, tagged as web developer and downloader in the BDO hacking incident, the NBI added. — Kristine Joy Patag with reports from Ramon Royandoyan
Editor’s note: Added GCash’s statement.
