A 40-year-old man from Northridge, California, was convicted on six counts related to the theft of over $23 million from the U.S. Department of Defense (DoD) through a complex phishing scheme.
Court documents say that in 2018, Sercan Oyuntur and several co-conspirators targeted a corporation that had a contract with the DoD to supply jet fuel to troops operating in southeast Asia.
Specifically, they targeted employees responsible for communicating with the federal government.
“Through a complex phishing scheme, Oyuntur and criminal conspirators in Germany, Turkey, and New Jersey targeted the corporation and the individual so that the conspirators could steal money that DoD intended to pay to the corporation for providing jet fuel,” according to the U.S. Department of Justice.
To do so, Oyuntur and his fellow conspirators created fake email accounts and designed fake web pages to trick the fuel supplier’s employees into believing they were communicating with the General Services Administration’s (GSA) public-facing website.
“These emails appeared to be legitimate communications from the United States government, but were actually sent by the conspirators, and contained electronic links that automatically took individuals to the phishing pages,” according to the DOJ. “There, they saw what appeared to be a GSA website and were prompted to enter their confidential login credentials, which were then used by the conspirators to make changes in the government systems and ultimately divert money to the conspirators.”
Based on the fraudulent activities of Oyuntur and his conspirators, on October 10, 2018, the DoD transferred $23.5 million into accounts controlled by the perpetrators.
Oyuntur was convicted on April 28, 2022, of one count of conspiracy to commit wire, mail and bank fraud; two counts of bank fraud; one count of using an unauthorized access device to commit fraud; one count of aggravated identity theft; and one count of making false statements to federal law enforcement officers. The conspiracy and bank fraud counts each carry a maximum potential penalty of 30 years in prison.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsNovember 14, 2024
September 06, 2024