DOJ: Nigerian Hacker Targeted Federal Employees in $1M Scheme

DRogatnev/Shutterstock

Featured eBooks

The Government's Artificial Intelligence Reality
What’s Next for Federal Customer Experience
Cloud Smarter

A Nigerian national appeared in court Thursday facing charges over a $1 million phishing scheme that targeted vendors under the General Services Administration.

A Nigerian man accused of using an email phishing scheme to steal login information from government employees appeared in federal court Thursday.

According to the September 28 indictment, Olumide Ogunremi and other conspirators employed phishing attacks in 2013 to trick a number of employees at the Environmental Protection Agency and the Commerce Department into providing their usernames and passwords. The hacking ring created fake but realistic-looking emails and web pages to dupe feds into revealing their credentials.

Then, according to the indictment, the hacking ring used the stolen credentials “to place fraudulent orders for office products,” often bland items such as printing cartridges, from vendors authorized to do business under the General Services Administration. Items were shipped to New Jersey—to facilities Ogunremi controlled—where items were repackaged, shipped overseas to Nigeria and sold on the black market for profit. Altogether, the scheme netted almost $1 million in profit, according to the Justice Department.

Ogunremi, who is not a Nigerian prince, pleaded not guilty to one count of conspiracy to commit wire fraud.

Phishing attacks are the most common form of cyberattacks faced by the federal government. Pentagon email systems, for example, thwart some 36 million phishing-related emails each day. In recent months, agencies have taken a proactive approach, alerting the public of potential phishing schemes before they blow up. In August, the IRS publicized a phishing scheme where fraudsters had created a website similar to IRS.gov in hopes of spreading malware to taxpayers.

In June, the Cybersecurity and Infrastructure Security Agency warned the public that bad actors were purporting to send notification from the cyber agency in another effort to spread malware.