Five Men Linked to ‘Scattered Spider’ Crime Ring Face Prison

United States law enforcement has unsealed criminal charges against five defendants who allegedly targeted staff from breached organizations to phish their access credentials and steal company data and millions in crypto.

The defendants…

Ahmed Hossam Eldin Elbadawy, 23, a.k.a. “AD,” of College Station, Texas;
Noah Michael Urban, 20, a.k.a. “Sosa” and “Elijah,” of Palm Coast, Florida;
Evans Onyeaka Osiebo, 20, of Dallas, Texas;
Joel Martin Evans, 25, a.k.a. “joeleoli,” of Jacksonville, North Carolina; and
Tyler Robert Buchanan, 22, of the United Kingdom

… are charged with conspiracy to commit wire fraud, conspiracy, and aggravated identity theft. They have not pleaded guilty.

Reports say the five defendants are linked to the ‘Scattered Spider’ crime ring (more on that below).

Typical ‘smishing’

Court documents say that, from at least September 2021 to April 2023, the defendants sprayed the staff of previously breached companies with SMS phishing lures to obtain their corporate access credentials.

“The defendants conducted phishing attacks by sending mass short message service (SMS) text messages to mobile phones of numerous victim companies’ employees – messages that purported to be from the victim company or a contracted information technology or business services supplier of the victim company,” the US Justice Department explains in its press release.

The “smishing” messages stated that the employee’s account was about to be deactivated, and it provided a link to a website rigged to look like a legitimate company portal, or a supplier’s portal, to lure the victim into providing confidential information such as account login credentials.

“Some employees went to the phishing websites, entered their credentials, and sometimes authenticated their identities using a two-factor authentication request sent to their mobile phones,” according to the DOJ.

Access credentials, intellectual property, personal data

The defendants then used the stolen credentials to access the staffers’ accounts and computer systems to steal confidential information, “including confidential work product, intellectual property, and personal identifying information, such as account access credentials, names, email addresses, and telephone numbers,” the DOJ says.

The group allegedly also used stolen information obtained from victim company intrusions to gain unauthorized access to people’s cryptocurrency wallets and steal millions in virtual currency.

If convicted, the defendants face up to 27 years behind bars. As indictments only go so far as to allege crimes, the defendants are presumed innocent unless proven guilty in court.

The group is said to have ties to the ‘Scattered Spider’ cybercrime syndicate, which gained notoriety for hacking two of the largest casinos in the US – Caesars Entertainment and MGM Resorts International in September 2023.

Keep scammers at bay

Earlier this year, Bitdefender published a comprehensive guide about text-based scams and how to protect yourself.

Read: Got a Strange Text? 5 Signs That You’re Being Scammed (and How to Protect Yourself)

According to the results in the Bitdefender 2024 Consumer Cybersecurity Assessment Report, text-based scams are the most common threat consumers face today. Yet four in five netizens make sensitive transactions on their phones without adequate cybersecurity practices – all while saying they most fear hackers accessing their money.

If you're suspicious about a certain phone call, email or SMS, consider using Scamio, our clever scam-fighting chatbot designed specifically to combat socially engineered attacks on your phone or computer.

Simply describe the situation to our chatbot and let it guide you to safety. Scamio provides a fast and efficient way to find out if you’re being conned. You can share with Scamio the exact thing you want to check: a screenshot, PDF, QR code or link. Scamio lets you know in seconds if it’s a scam. Use it anywhere via web browser, Facebook Messenger, or WhatsApp.