Nigerian in US Pleads Guilty to Payroll Deposit Theft via Computer Fraud

Nigerian national Charles Onus recently pleaded guilty to stealing payroll deposits from several users of a payroll and HR company’s platform via computer fraud, according to US Attorney for the Southern District of New York Damian Williams.

Onus allegedly started the scheme in July 2017; until his arrest, he compromised some 5,500 user accounts and siphoned a total of $800,000. According to the court statements and indictment, the attacker stole payroll deposits from impacted user accounts by redirecting salary payments to debit cards under his possession.

Authorities arrested Onus in San Francisco in April 2021, after the suspect flew in from Abuja, Nigeria. The defendant has pleaded guilty to one count of cyber intrusion for accessing foreign computer networks fraudulently.

The threat actor relied on credential stuffing attacks to compromise user accounts and gain unauthorized access, letting him divert the stolen funds.

In credential stuffing, the perpetrators automatically inject stolen credentials (username-password pairs) into website login forms to gain access to them. Considering that many users have the same username-password combination for several websites, attackers can use leaked credentials as a skeleton key to compromise other accounts as well.

In most cases, success is guaranteed in credential stuffing attacks, as the method doesn’t involve guessing or brute-forcing the passwords.

Despite their efficacy, credential-stuffing attacks are easy to mitigate with a password manager. This tool can help you set a diverse set of credentials instead of reusing the same username-password combo for multiple accounts.

Also, using Multi-Factor Authentication (MFA) prevents unauthorized logins to compromised accounts. Without the additional authentication factor, be it your fingerprint, SMS code or authenticator key, perpetrators can’t log in, even if they have your credentials.

To reduce the impact of credential-stuffing attacks, it’s also recommended you keep track of your vulnerable data and act as soon as possible should you identify any leaked credentials. Bitdefender’s Digital Identity Protection can help you monitor your data by constantly scanning the web for unauthorized leaks and helping you take the best course of action to prevent potential attacks.