Abidemi Rufai, a senior special assistant to Ogun State Governor, was arrested at JFK Airport, New York, on Friday, May 14, over wire fraud.  

According to the Acting US Attorney, Tessa M. Gorman, he had schemed to steal over $350,000 COVID-19 unemployment benefit funds from the Washington State Employment Security Department.

Rufai risks up to $1,000,000 fine and 30-year jail term as the funds cornered were paid in response to a presidentially declared emergency. The US Federal Wire Fraud Law commits anyone found guilty of such offences to a fine and/or imprisonment of not more than 30 years.

A statement released by the US Department of Justice further revealed that the Nigerian politician perpetrated the crime by posing as over 100 Washington residents, filing claims for pandemic-related unemployment benefits via a single e-mail address.

“Rufai used variations of a single e-mail address in a manner intended to evade automatic detection by fraud systems,” the statement reads in part. “By using this practice, Rufai made it appear that each claim was connected with a different email account.”

While the story has travelled far and wide, especially on social media, how a single e-mail was used to file claims for several individuals without detection may yet be unclear to most readers.

The secret behind such wizardry is often the Gmail dot feature. Gmail users are at liberty to add or remove dot (s) from their email address. If [email protected] was a valid email address, its owner would receive messages sent to [email protected]. The same user would receive e-mails sent to [email protected].  Simply put, the inclusion of dots in a Gmail address is immaterial.

However, most emails and websites treat such altered addresses as different accounts. Netflix, for instance, would accept the creation of an account with each of the Google dot addresses above.

Vulnerable Washington citizens were expected to apply for unemployment benefits on the State Employment Security Department website by entering personal details which, as expected, must have included email addresses.

By taking advantage of the said Gmail feature, Rufai most likely entered the same e-mail address with different dot patterns, thus outsmarting an automated detection system.