This article is more than 1 year old
Four suspects cuffed, face extradition over tax refund scam plot
RDP servers allegedly raided in hunt for personal info to exploit
Four men suspected of plotting to commit wire fraud and identity theft have been arrested and now face extradition to America.
It is alleged they conspired to break into US companies' servers, steal people's personally identifiable information (PII), use that info to file fraudulent tax returns to Uncle Sam, and collect victims' tax refunds.
In newly unsealed indictments, the Feds also ordered the four to forfeit any property and other assets that can be traced to any ill-gotten gains. Nigerian citizens Akinola Taylor and Kazeem Olanrewaju Runsewe, along with UK citizen Olayemi Adafin, were arrested on November 30 in London (Taylor and Adafin) and Sweden (Runswewe). Another Nigerian, Olakunle Oyebanjo, was arrested a day later in London.
Taylor and Runsewe's residences were also searched.
If convicted, each of the men faces a maximum penalty of 20 years in federal prison for wire fraud, plus additional penalties for filing false claims with the US Internal Revenue Service (IRS), theft of public money or property, and aggravated identity theft.
The conspiracy dates back to early 2017, prosecutors claim in court documents. Around this time, Taylor [PDF] and Runsewe [PDF] allegedly gained unauthorized access to American accounting firms and other businesses' servers via remote-desktop tools.
It's claimed Taylor and Runsewe broke into these systems by buying access to RDP servers from, among other places, the xDedic Marketplace, a website that for years sold credentials to computers worldwide and PII belonging to US residents. At its height, xDedic touted logins for 85,000 systems at a few bucks a pop, allowing fraudsters to bank as much as $70 million from their victims.
An FBI-led global law enforcement operation took down the cyber souk in January 2019.
- Ukrainian crook jailed in US for selling thousands of stolen login credentials
- 'Pig butchering' romance scam domains seized and slaughtered by the Feds
- FTC slaps down Drizly CEO after 2.4m user records stolen from 'careless' booze app biz
- Here's how 5 mobile banking apps put 300,000 users' digital fingerprints at risk
After breaking into companies' servers, the men allegedly exfiltrated PII and used the stolen identities to e-file fraudulent tax forms with the IRS, and have the money flow into prepaid debit cards or bank accounts under the men's control. "These returns fraudulently sought refunds that the conspirators were not entitled to claim," according to prosecutors.
Taylor and Runsewe at least attempted to claim more than $40,000 in fraudulent tax refund requests, according Uncle Sam.
The IRS Cyber Crimes Unit led the investigation with assistance from the FBI and US Department of Justice, and international enforcement agencies including the United Kingdom's National Extradition Unit, the United Kingdom's Eastern Region Special Operation Unit, the United Kingdom's North West Regional Organized Crime Unit, and the Swedish Economic Crime Authority. ®