Nigerian email scam? —

FBI nabs Nigerian business scammer who allegedly cost victims millions

“Business email compromise” scams cost US companies billions, the FBI says.

A smiling man leans against an expensive car parked in front of a private jet.
Enlarge / Ray "Hushpuppi" Abbas poses in front of a private jet in a 2019 Instagram photo. "It’s a different type of GLOW and STANDARD when you start hopping out of Rolls Royces to catch a Jet just to attend fashion shows in a different continent," he wrote. "Your smile begin to be bright just as the sun."

The US government has gained custody of a Nigerian man who is accused of participating in a massive fraud and money laundering operation. The defendant, Ray "Hushpuppi" Abbas, has amassed 2.4 million followers on Instagram, where he flaunts his access to luxury cars, designer clothing, and private jets. The feds say that he gained this wealth by defrauding banks, law firms, and other businesses out of millions of dollars. He was arrested last month by authorities in the United Arab Emirates, where he had been living.

The FBI's criminal complaint details how the government obtained a wealth of information tying Abbas to his alleged crimes. Abbas was an avid user of American technology platforms, including Instagram, Gmail, iCloud, and Snapchat. Accounts on these platforms were all registered using a handful of common email addresses and phone numbers. Abbas's main email account—rayhushpuppi@gmail.com—included a copy of Abbas' lease at a luxury hotel in Dubai and scans of various government-issued photo IDs under Abbas' name.

Abbas is accused of participating in a number of "business email compromise" scams. By posing as trusted employees or customers of a target organization, Abbas and his fellow fraudsters allegedly tricked employees into sending large sums to bank accounts they controlled.

In one incident detailed in the FBI complaint, Abbas and two co-conspirators allegedly defrauded a law firm in New York state. The firm needed to wire more than $900,000 on behalf of a client who was closing a real estate deal. The fraudsters tricked a paralegal into sending email to a fake address purporting to belong to Citizens Bank. The fraudsters responded by faxing instructions for wiring cash to an account they controlled. A law firm employee attempted to "confirm" the instructions by calling the phone number on the form—but that number was controlled by the scammers. By the time the law firm noticed the funds hadn't made it to the intended destination account, it was too late to get it back.

In another incident, an overseas bank "suffered a computer intrusion and cyber-heist in which approximately €13 million ($14.7 million) was fraudulently wired" from the victim bank to bank accounts in other countries.

The FBI hasn't accused Abbas of personally infiltrating victim companies. Rather, his alleged role was to find bank accounts that could accept millions of dollars in stolen cash without raising red flags. Abbas provided co-conspirators with wire information for accounts in Romania, Bulgaria, Dubai, Mexico, and elsewhere.

The FBI was able to obtain minute-by-minute documentation of Abbas' participation in these schemes via their text messages and other online communications. One key source: the FBI apparently gained access to the iPhone of an Abbas associate who was arrested at a US airport last October.

The Justice Department says that, after arresting Abbas last month, UAE authorities expelled him to the United States, where he arrived on Thursday. He made his initial court appearance in Chicago on Friday. The FBI says that business-email compromise scams—by Abbas and others—cost companies at least $1.7 billion in 2019 alone.

Channel Ars Technica