Nigerian Scammer Gets 12 Years in Prison after Making $2 Million off of Netizens’ Leaked Login Data

A Nigerian national has been sentenced to 12 years in prison after swindling US citizens out of millions of dollars through wire fraud, romance scams and money laundering.

42-year-old Bamidele Omotosho of Nigeria regularly bought access credentials (i.e. usernames and passwords) and stolen personal identifying information (PII) of US citizens, including names, dates of birth, and Social Security Numbers, on xDedic, a darknet criminal marketplace that has since been seized and shut down.

Stolen login credentials

In June 2017, Omotosho and unnamed co-conspirators used stolen access data to hack into the Employees Retirement System of Texas (ERS) web portal.

Omotosho and his partners then created fraudulent accounts and diverted retirement payments meant for legitimate ERS participants into their own accounts.

A year later, the fraudsters gained access to the networks of several accounting firms in the United States, including in the Western District of Texas (WDTX) and the Middle District of Florida (MDFL). With that access, Omotosho and his crew obtained the PII of accounting firm clients, which they used to file fraudulent tax returns with the IRS.

During the same time, the fraudsters pursued identity theft schemes using stolen PII to conduct romance fraud and apply for credit cards, swindling vulnerable victims out of their savings. Prosecutors also noted a business e-mail compromise incident against a pharmaceutical company that inflicted a loss of $250,000.

To cash in on their multi-faceted scams, Omotosho and his co-conspirators laundered their proceeds by depositing them onto prepaid debit cards or into accounts at financial institutions they had opened with the very PII they’d stolen in their schemes or bought on the underground web.

To blur the paper trail of their earnings, they also bought used cars and shipped them to Nigeria for resale.

In all, Omotosho and his fellow scammers are said to have conducted six different fraudulent schemes totalling over $7.5 million in intended losses and over $2 million in actual losses.

Omotosho pled guilty in late 2022, including to charges of conspiracy to commit wire fraud, conspiracy to commit money laundering, and computer intrusion.

It took the US justice system almost two years to finally convict the scammer, and ultimately sentence him this week to 12 years and 7 months in federal prison. The court ordered Omotosho to pay $2 million in restitution to his victims, according to the US Department of Justice.

Keep scammers at bay

As we note in the Bitdefender 2024 Consumer Cybersecurity Assessment Report, netizens' biggest cybercrime fear is having their money stolen. Yet people generally avoid even the easy steps that could help keep fraudsters at bay.

Asked how many accounts they manage on average, respondents in our survey were most likely to have 3 to 5 online accounts (35%), though 31% said they had six or more.

Credit: Bitdefender

Respondents likely considered only the accounts they use regularly – like social media, music & video streaming, utilities, etc. – not so much the ones they created on a whim, to enjoy a quick service or for a one-off purchase, and forgot about.

Unless we go to the trouble of updating old passwords or deleting old accounts, those access credentials eventually get caught up in data leaks or find their way onto underground hacker forums.

It’s important for e-citizens to consider this at a time when data breaches have become a daily occurrence – especially affecting those who give in to the convenience of using a single password for multiple accounts.

Anyone affected by a data breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is up for sale on the dark web.

Bitdefender recently published a straightforward guide on how to exercise good cybersecurity hygiene to combat the rising tide of scams targeting regular folk.

Read: Make It Hard for Scammers to Get You! Use These Seven Vital Tips.

Finally, consider using Scamio to combat socially engineered attacks on your finances. If you're suspicious about a certain phone call, email or SMS, Scamio provides a fast and efficient way to find out if you’re being conned. Simply describe the situation to our clever chatbot and let it guide you to safety. You can share with Scamio the exact thing you want to check: a screenshot, PDF, QR code or link. Scamio lets you know in seconds if it’s a scam. Use it anywhere via web browser, Facebook Messenger, or WhatsApp. Scamio is localized for use in the USA, France, Germany, Spain, Italy, Romania, Australia and the UK.