Federal authorities Wednesday unveiled charges against five individuals accused of orchestrating phishing scams targeting employees of companies across the U.S.
The suspects allegedly used fraudulent text messages to obtain employee login credentials, which they then exploited to steal sensitive company data and hack virtual currency accounts, netting millions in cryptocurrency thefts, officials stated.
The defendants face a federal grand jury indictment for conspiracy to commit wire fraud, conspiracy, and aggravated identity theft.
- Ahmed Hossam Eldin Elbadawy, 23, a.k.a. “AD,” of College Station, Texas;
- Noah Michael Urban, 20, a.k.a. “Sosa” and “Elijah,” of Palm Coast, Florida;
- Evans Onyeaka Osiebo, 20, of Dallas, Texas; and
- Joel Martin Evans, 25, a.k.a. “joeleoli,” of Jacksonville, North Carolina.
Evans was arrested Tuesday by the FBI in North Carolina. Meanwhile, Urban, facing separate fraud charges in federal court in Jacksonville, Florida, has pleaded not guilty.
In addition, a newly unsealed criminal complaint charges Tyler Robert Buchanan, 22, of the United Kingdom, with conspiracy to commit wire fraud and aggravated identity theft.
“We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals,” said U.S. Attorney Martin Estrada. “As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses. If something about the text or email you received or website you’re viewing seems off, it probably is.”
“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” said Akil Davis, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse. I’m proud of our stellar cyber agents whose work led to the identification of the alleged schemers who are facing significant prison time if convicted.”
From September 2021 to April 2023, the defendants allegedly carried out phishing attacks by sending mass SMS messages to employees of various companies, according to court documents.
These messages, posing as the company or its IT or business service providers, claimed employees’ accounts were about to be deactivated and directed them to phishing websites designed to mimic legitimate company sites.
Victims who clicked the links were tricked into entering their login credentials and, in some cases, completing two-factor authentication requests sent to their phones.
The defendants used the stolen credentials to access employee accounts and company systems, stealing sensitive information such as work products, intellectual property, and personal data like login credentials, names, emails, and phone numbers.
The group also exploited stolen data from company breaches, leaked datasets, and other sources to hack cryptocurrency accounts and wallets, stealing millions in virtual currency.
The defendants are presumed innocent unless proven guilty.
If convicted, each defendant faces up to 20 years in federal prison for conspiracy to commit wire fraud, up to five years in federal prison for the conspiracy count, and a mandatory two-year consecutive prison sentence for aggravated identity theft.
Buchanan faces up to 20 years in prison for the wire fraud count as well.
The FBI is investigating these matters.
The U.S. Attorney’s Office for the Eastern District of North Carolina, Police Scotland, and the FBI field offices in Charlotte, Denver, Houston, and Portland assisted in this investigation.
Assistant U.S. Attorneys Lauren Restrepo of the Cyber and Intellectual Property Crimes Section and Sue J. Bai of the Terrorism and Export Crimes Section are prosecuting these cases.