Fraud Management & Cybercrime
3 Extradited Fraudsters Sentenced in US Following Conviction by Jury
Three Nigerian nationals who were convicted of a range of charges – including identity theft and payment card fraud – were sentenced Wednesday to lengthy U.S. prison terms.
See Also: Ransomware: How to Win the Battle
Rasaq Aderoju Raheem, 31, was sentenced to serve 115 years in prison; Oladimeji Seun Ayelotan, 30, was sentenced to serve 95 years; and Femi Alexander Mewase, 45, was sentenced to 25 years, according to the U.S. Department of Justice.
The men were arrested as part of a joint operation involving South African Police, Interpol, the U.S. Immigration and Customs Enforcement’s Homeland Security Investigations as well as the U.S. Postal Inspection Service.
All three were extradited from South Africa to the United States in 2015.
During a three-week trial earlier this year in federal court in Mississippi, a jury found each defendant guilty of a variety of offenses, including mail fraud, wire fraud, identity theft, credit card fraud and theft of government property. In addition, Ayelotan and Raheem were found guilty of conspiracies to commit bank fraud and money laundering.
Federal prosecutors say the three were part of a “large-scale international fraud network” that first began operating in 2001, and that 21 defendants have so far been charged in the case, of whom 12 have pleaded guilty and 11 have now been sentenced.
The fraud network engaged in “numerous internet-based fraud schemes,” including tricking people into cashing counterfeit checks and money orders on the group’s behalf, purchasing electronics and other goods that could be easily resold – especially on auction site – using stolen credit and debit card numbers, and taking control of online bank accounts using stolen personally identifiable information, the Justice Department says. “As a whole, the conspiracy involved tens of millions of dollars in intended losses.”
Ayelotan, Mewase and Raheem recruited U.S.-based individuals to further their fraud via “romance scams,” prosecutors say. These typically involve a fraudster pretending to be someone else – the gang often adopted identities involving European women – to establish a romantic relationship with victims and trick them into serving as money mules, referring to people who – knowingly or otherwise – transfer money illegally on behalf of others.
“According to trial evidence and plea documents, once the perpetrator gained the victim’s trust and affection, the perpetrator would convince the victim to either send money or to help carry out fraud schemes,” according to the Justice Department. “For example, the defendants admitted that they used romance victims to launder money via Western Union and MoneyGram, to repackage and reship fraudulently obtained merchandise and to cash counterfeit checks.”
According to court documents, one woman who believed she was a victim of the romance scam said that she’d met a man online in October 2011, who’d asked her to reship merchandise to an address in Pretoria, South Africa, in return for a $3,000 check, which turned out to be bogus, the Sun Herald newspaper in Mississippi reports.
Prosecutors say the gang used a variety of email addresses – largely free webmail accounts registered with Google’s Gmail service and Yahoo mail – to communicate with victims. Some of those email addresses, the Justice Department says, allegedly included:
The Department of Justice has asked anyone who believes they were a victim of the gang to come forward and fill out this questionnaire.
Previous Fraud Schemes
This is just the latest case in which the Justice Department has charged foreigners – including Nigerian nationals – with phishing attacks and fraud as part of romance scams.
In 2012, for example, federal prosecutors announced charges against individuals involved in a phishing ring that harvested individuals’ personal details for identity theft purposes. Prosecutors said Chase Bank, Bank of America, ADP and Branch Bank & Trust Co. collectively suffered $1.5 million in fraud as a result. Part of the alleged fraud involved attackers using the stolen credentials to log into the site of payroll processor ADP and add fake employees onto companies’ books.
“As part of the scheme, more than $300,000 in fraudulent payroll was wired to defendant Olaniyi Jones, a Nigerian national who impersonated a European woman interested in romantic relationships to dupe mules into wiring the proceeds of the scheme overseas,” according to the Justice Department.
Scams Are Thriving
Phishing-related fraud and email-based scams are big business in numerous countries, including Nigeria (see Churchgoing Nigerians Drive Business Email Attacks).
Last year, Nigerian police arrested a 40-year-old man, “Mike,” who had been accused of masterminding multiple types of fraud schemes. Those included business email compromise – accused of emailing an employee, pretending to be an executive at the organization, and ordering the employee to wire money to a designated account – as well as 419 (advanced fee fraud) and romance scams.
“‘Mike’ and his network of cybercriminals from Nigeria, Malaysia, and South Africa are believed to have conned more than $60 million from various companies, with one victim alone losing more than $15 million,” according to security firm Trend Micro, which assisted Interpol and Nigeria’s Economic and Financial Crime Commission with its investigation.
It’s unlikely that the arrests of Mike, as well as the romance-scam gang sentenced this week, will put a big dent in phishing attacks, not to mention business email compromise, 419 or romance scams, because they offer the potential for so much profit.
The FBI estimated last year that losses since 2013 due to business email compromises totaled more than $3 billion and involved more than 22,000 domestic and international victims.
Security experts say many victims do not report such crimes to police, so actual losses may be much higher.