A Nigerian man charged with helping to run a $1 million phishing scheme that targeted the Government Services Administration and other federal agencies, has been extradited to the U.S., where he has pleaded not guilty to a wire fraud charge, theJustice Departmentannounced.
Olumide Ogunremi, 30, was extradited from Canada and appeared in federal court in Newark, N.J., on Wednesday. He’s being held in federal custody without bail, prosecutors says.
If convicted, Ogunremi faces a sentence of up to 20 years in prison a fine of up to $250,000, according to the U.S. Attorney’s Office for the District of New Jersey, which is overseeing the case.
Phishing for Credentials
In the phishing campaign, which ran from July to December 2013, Ogunremi, who also went by the name “Tony Williams,” and others allegedly targeted employees of the U.S. Government Services Administration – which provides a wide range of services for the federal government, including transportation, office space and other supplies – to harvest credentials, such as user names and passwords, according to federal prosecutors.
The group also allegedly targeted employees at other federal agencies, including the Environmental Protection Agency and the U.S. Census Bureau, according to a September 2018indictment.
In addition to phishing emails, federal prosecutors say that Ogunremi and others allegedly created fake or spoofed websites designed to look like the official sites of these agencies. When the phishing emails were sent to government employees, the messages contained a malicious link that would lead back to one of these phony landing pages, prosecutors say.
The indictment doesn’t specify the type of lure that the criminal gang used to entice government workers to enter their user names and passwords into these spoofed sites. Once they did, however, those credentials were harvested and emailed back to Ogunremi and other gang members, prosecutors say.
Once Ogunremi and other members of the criminal gang received the stolen credentials, they allegedly began contacting vendors who had government contracts with the agencies, prosecutors say.
In most cases, the scammers allegedly used the credentials to order printer toner cartridges from the vendors using phony emails and invoices, prosecutors say. The cartridges were shipped to addresses in New Jersey and other locations in the U.S., where Ogunremi and other members of the gang would pick them up, repackage them and ship them overseas, typically to Nigeria, the Justice Department alleges. The cartridges then were allegedly sold on the black market, raising about $1 million in six months.
A second Nigerian allegedly connected to this scheme, Abiodun Adejohn, pleaded guilty to wire fraud charges in 2014 and was sentenced to three years in federal prison, authorities say.
Outgrowth of 419 Scams
According to a recent report byPhishlabs, the U.S. remains the most popular target for phishing scams, with about 84 percent of all attacks taking place in the U.S. in 2018.
In most cases, the attackers deploy phishing emails to conduct credential stealing and rely on socially engineered 419 scams – better known as Nigerian Prince schemes – to target victims, according to the report. The 419 scams typically involve fraudsters promising the victims a large amount upon payment of relatively smaller up-front payment.
Another common form of phishing fraud is known as a business email compromise. Recently, researchers at the security firm Agari uncovered a cybercriminal gang that uses tweaked business emails to target vendors or suppliers with phishing emails
Researchers at Palo Alto Networks’ Unit 42 recently released an analysis that ties the surge in business email scams to Nigerian threat actors, with some gangs even incorporating malware into their schemes.