Federal prosecutors in the United States have filed charges against five individuals accused of carrying out a complex phishing and hacking operation that targeted employees of companies across the country.
According to authorities, the scheme led to the theft of intellectual property, sensitive corporate data, and millions of dollars in cryptocurrency, including $6.3 million stolen from a single victim.
Details of the Alleged Scheme
The alleged operation, which spanned nearly two years from September 2021 to April 2023, used deceptive tactics to obtain login credentials and gain unauthorized access to corporate systems and cryptocurrency wallets.
Court documents reveal that the defendants used mass text messages as their primary method to deceive victims. These phishing messages were created to appear as urgent alerts from employees’ companies or service providers warning that their accounts were at risk of deactivation.
Recipients were then directed to fake websites designed to resemble legitimate corporate portals. Unsuspecting employees who entered their credentials on these websites provided the hackers with the information needed to breach internal systems.
Prosecutors allege that the stolen data, which included intellectual property and personal identifying information such as account credentials and email addresses, was used to access crypto accounts and steal millions in virtual assets.
Arrests and Charges
The defendants have been identified as Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas; Noah Michael Urban, 20, of Palm Coast, Florida; Evans Onyeaka Osiebo, 20, of Dallas, Texas; Joel Martin Evans, 25, of Jacksonville, North Carolina; and Tyler Robert Buchanan, 22, from the United Kingdom.
They face several charges, including conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft. If convicted, the group faces up to 20 years in federal prison for conspiracy and wire fraud charges and a mandatory two-year sentence for identity theft.
“This group of cybercriminals executed a sophisticated scheme to steal intellectual property and personal data worth tens of millions,” said U.S. Attorney Martin Estrada.
He urged the public to remain cautious, warning that phishing and hacking tactics are becoming increasingly sophisticated.
FBI Assistant Director Akil Davis emphasized the scale of the crime, noting that the defendants preyed on victims’ trust to steal sensitive data and cryptocurrency.
Phishing schemes have become increasingly common in crypto, with many individuals falling victim this year. Scam Sniffer’s February report highlighted that many of these exploits originated on X, where impersonated accounts posted deceptive comments to lure users to fake sites.
In one notable case from October, a crypto investor lost $36 million in crypto. Security experts identified it as a “permit phishing scam,” in which the attacker tricked the victim into signing a malicious signature. This action granted them full access to the investor’s funds.
This article first appeared at CryptoPotato