In the evening of Friday May 14, Abidemi Rufai, a Nigerian politician, was arrested at JFK Airport, New York, over a scheme to steal more than $350,000 unemployment benefit fund from the Washington State Employment Security Department.
As a result of COVID-19 crisis which was eating deep into US economy and forcing millions out of work, many states had reduced the waiting period for paying unemployment benefits to citizens. And behind the rush stood fraudsters, deploying well-orchestrated schemes to rip vulnerable states of a good chunk of relief funds.
Rufai, aka Sandy Tang, was said to have stolen identities of over 100 Washington residents to file benefit claims, using different variations of a single e-mail account. On Tuesday, FIJ detailed how such crimes are perpetrated using ‘Gmail dot’ feature.
Rufai’s case is, however, not a solo pandemic-related e-mail compromise fraud traced to Nigerians. Ramon Abbas, aka Hushpuppi, and his gang were tracked and arrested in Dubai, United Arab Emirate, on June 10, 2020, for a similar crime.
LIKE HUSHPUPPI LIKE SANDY TANG
Quite like Hushpuppi, a well-known socialite, fashionista and social media luxury lifestyle sensation, Rufai seizes opportunities to flaunt his massive wealth. In a video widely circulated on Twitter, an Arabian-dressed Rufai was seen dancing and carelessly spraying dollars.
Huspuppi and Rufai were both arrested for email and COVID-19 related scam. The Hushpuppi-led gang had allegedly hacked corporate e-mails and sent fake messages to clients, redirecting financial transfers and bank details to members’ accounts. At the time of its arrest, the gang had made $35m (about N168b) from 1,926,400 incubator buyers.
In trying to explain the source of his massive wealth, which many believe could not have come from a legitimate means, Hushpuppi had said he dealt in real estate.
On his Instagram handle, Rufai also refers to himself as a ‘real estate mogul’. Identification with real estate may be more than meets the eye as revealed in a 2019 investigation by US security firm Agari.
SCATTERED CANARY: THE AGARI INVESTIGATION
In 2019, Agari, a Carlifornia-based cyber security firm, published a report on a Nigerian crime ring it named Scattered Canary. The Business Email Compromise (BEC) enterprise, which started as a one-man 419 startup in Nigeria around 2008, had grown into a 35-man enterprise at the time of the investigation.
According to Agari, key members of the syndicate were able to attract more skilled players by flaunting their wealth, a habit Hushpuppi and Rufai are known for.
“Due to their agile working practices, they have been able to bring in extra skilled “staff” at a moment’s notice, typically by flaunting their wealth to display the trappings of their success,” the report reads in part.
“Trust encourages a nepotistic approach to candidate selection, and many relationships are formed while still in the Nigerian education system where talent is easily spotted, and where recruitment can flourish naturally.”
The Agari investigation also links Scattered Canary to the ‘real estate’ industry, where it had hijacked over $1billion.
US SECRET SERVICE MEMO AND THE ARREST OF HUSHPUPPI, RUFAI
A memo released on Thursday, May 14, 2020, and traced to the US Secret Service, stated that a Nigerian wire fraud ring was responsible for a “well-orchestrated” COVID-19 related scam.
According to the memo, the group was targeting unemployment insurance programMEs, exploiting the vulnerability brought about by the pandemic.
On May 21, 2020, a week after the memo was released, Agari revealed that “some if not all” of those who committed the fraud were part of Scattered Canary, and in less than a month, Hushpuppi was arrested in Dubai for onward extradition to the US.
US authorities also revealed on Friday that Rufai’s arrest might lead to many more, suggesting that it wasn’t a one-man crime.
All this may be pointing to the fact that Hushpuppi and Rufai belong in the same cyber crime group, the Scattered Canary.
Be the first to receive special investigative reports and features in your inbox.