Nigerian charged in W-2 phishing attacks on school districts in Connecticut and Minnesota
A Nigerian man has been arrested for his alleged role in W-2 phishing attacks on school districts that resulted in tax refund fraud. On Friday, the U.S. Attorney for Connecticut issued the following press release:
Deirdre M. Daly, United States Attorney for the District of Connecticut, Patricia M. Ferrick, Special Agent in Charge of the New Haven Division of the Federal Bureau of Investigation, and Joel P. Garland, Special Agent in Charge of IRS Criminal Investigation in New England, today announced that DANIEL ADEKUNLE OJO, 33, a citizen of Nigeria residing in Durham, N.C., was arrested yesterday on a federal criminal complaint charging him with fraud and identity theft offenses stemming from a scheme to obtain the personal identifying information of school employees in Connecticut and elsewhere.
Following his arrest at his Durham residence, OJO appeared before a U.S. magistrate judge in Greensboro, N.C., and was ordered detained pending his transfer to the District of Connecticut.
As alleged in the criminal complaint, special agents from the FBI’s cybercrime squad in New Haven and the IRS have been investigating “phishing” emails that were sent to various school districts in Connecticut earlier this year.
In February 2017, an employee of the Glastonbury Public Schools received an email that appeared to be sent by another Glastonbury school system employee. The email contained a request to send W-2 tax information for all employees of the school system. The recipient of the email responded by sending copies of the W-2 information for approximately 1,600 Glastonbury Public Schools employees. After the W-2 information was emailed, approximately 122 suspicious Forms 1040 were filed electronically with the IRS in the names of victims of the Glastonbury phishing scheme. The 122 tax returns claimed tax refunds totaling $596,897. Approximately six of the returns were processed, and $36,926 in fraudulently-obtained funds were electronically deposited into various bank accounts.
The complaint alleges that OJO controlled or used an aol.com email account and a gmail.com email account involved in this phishing scheme, and that he participated in the scheme to obtain the Glastonbury school system employees’ personal identifying information and use it for personal gain.
This ongoing investigation also includes phishing incidents that victimized the Groton Public Schools, and the Bloomington Independent School District in Bloomington, Minnesota.
As to the Groton Public Schools, in March 2017, a school system employee emailed copies of the W-2 information for approximately 1,300 employees. After the W-2 information was sent, approximately 66 suspicious Forms 1040 were filed electronically with the IRS in the names of victims of the Groton phishing scheme. The tax returns claimed tax refunds totaling $364,188. The fraudulent tax returns were not processed by the IRS because they were flagged as being part of an identity theft scheme, and no money was released in connection with the returns.
The complaint alleges that OJO entered the U.S. on a visitor’s visa in May 23, 2016, and failed to depart on his scheduled departure date of June 8, 2016.
“Cybercriminals are becoming increasingly cunning in exploiting technology to steal identifying information from unwitting victims,” said U.S. Attorney Deirdre Daly. “Fortunately, our cyber investigators are skilled at cracking these crimes and catching these fraudsters. To help avoid becoming a victim, always remember when you click on a link or send an email, check – and then double check – that the link you’re being asked to open, or the email address you are responding to, is authentic. A single mistake can lead to a lot of misery. I commend the FBI cybercrime squad and IRS for quickly bringing this individual to justice. This investigation is ongoing.”
“The individuals that conduct these phishing schemes have one goal: To steal personal information for financial gain,” said FBI Special Agent in Charge Ferrick. “This case is particularly disturbing due to the methods used and the targeted victims. Cybercrimes are on the rise so we need corporations and the general public to be cognizant of their day to day computer use and vulnerabilities. We will continue to utilize our best resources and top law enforcement personal to bring cybercriminals to justice.”
“Investigating identity theft and refund fraud is a top priority for IRS Criminal Investigation,” said Special Agent in Charge Garland. “Stealing identities and filing false tax returns is a serious crime that harms innocent taxpayers. This arrest, in cooperation with the FBI and U.S. Attorney’s Office, should serve as a strong warning to those who are considering similar conduct. Law enforcement will aggressively pursue cyber-criminals who undermine the integrity of the U.S. tax system.”
The complaint charges OJO with conspiracy to commit wire fraud, an offense that carries a maximum term of imprisonment of 20 years, and aggravated identity theft, an offense that carries a mandatory consecutive term of imprisonment of at least two years.
U.S. Attorney Daly stressed that a complaint is only a charge and is not evidence of guilt. Charges are only allegations, and a defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt.
This matter is being investigated by the Federal Bureau of Investigation and the Internal Revenue Service, Criminal Investigation Division, with the assistance of the Durham (N.C.) Police Department. The case is being prosecuted by Assistant U.S. Attorney Sarala V. Nagala, with the assistance of the U.S. Attorney’s Office for the Middle District of North Carolina.