Nigerian Cybercrime Operation Exploits Trojan Horse Malware to Steal Identities and File Fraudulent Tax Refunds

An intricate cybercrime operation reaching across international borders has been uncovered, revealing a plot to pilfer over $8 million through malware exploitation.

At a Glance

  • Two Nigerians executed a cyberattack using Trojan horse malware.
  • The scheme involved fraudulent IRS tax refund claims exceeding $8 million.
  • Multiple criminals implicated, with extradition proceedings underway.
  • Cybersecurity vulnerabilities highlighted across U.S. tax services.

Malware Unleashes Chaos

Two Nigerian cybercriminals used Trojan horse malware to infiltrate tax preparation services across the United States. This breach led to the acquisition of sensitive personal information, which was then used to file more than 1,000 bogus tax returns, claiming more than $8 million in fraudulent IRS refunds. These actions highlight the evolving nature of cyber threats facing institutions today.

The emails employed in the scam targeted tax preparation firms, deceiving them into downloading Warzone RAT malware. This allowed the attackers full access to taxpayer information, which allowed them to submit false refund claims. The scheme was carried out over a five-year span, from 2016 to 2021.

Arrests Made

Authorities arrested Matthew Akande at London’s Heathrow Airport in October. The U.S. is now seeking his extradition as they continue to pursue his co-conspirators. Meanwhile, Kehinde Oyetunji has reached a plea deal, with his indictment currently sealed until Akande’s case concludes. This investigation shines a light on the need for international cooperation in addressing the growing epidemic of cross-border cybercrime.

Further investigations revealed co-conspirators in the ring managed to launder money through Mexican channels, taking a cut of the proceeds along the way. The scam not only applied for more than $8.1 million in false refunds but succeeded in collecting more than $1.3 million.

Unfolding Implications

Five Nigerian nationals have been charged so far in the scheme. The identities that were stolen have been used to not only claim tax refunds but also open bank accounts and obtain credit cards. Among the victims were ordinary citizens and large financial institutions such as PNC Bank.

“We have dismantled a massive stolen identity fraud ring in which the perpetrators used person identifying information stolen off the Internet to open bank accounts, obtain credit cards, and steal millions of dollars from the U.S. Treasury by filing fake tax returns,” U.S. Attorney David Hickton said.

This case is a stern reminder of the vulnerabilities within the country’s systems as the world turns more and more to digital means. As strategies deployed by these criminals evolve, so too must the countermeasures employed by financial institutions, highlighting the essential need for updated cybersecurity protocols to avoid further exploitation.