FBI arrests Famous Instagrammer Ray Hushpuppi over $125m BEC scam

Ray Hushpuppi also targeted the English Premier League soccer club…
FBI arrests Famous Instagrammer Ray Hushpuppi over $125m BEC scam
Ray Hushpuppi wanted (Image: Dubai police YouTube)

One of Ray Hushpuppi’s targets was the English Premier League soccer club from which he tried to steal £100m (approximately $125 million).

Roman Abbas, aka Ray Hushpuppi, is a famous Nigerian social media star and followed by millions on Instagram where he often posts about his lavish lifestyle. Perhaps this has landed him into trouble, as law enforcement authorities were skeptical of how he became super-rich, and further probe led to some startling revelations about the Nigerian Instagrammer. 

These days, Hushpuppi is in hot waters as a US court has charged him for running a global BEC scam and targeting a Premier League Club to steal £100 million which is approximately $125 million.

Reportedly, the FBI was investigating the involvement of the 37-year-old Instagrammer in money laundering and BEC scams for months. They could track Hushpuppi’s movement by following his posts on his Instagram account, which has over 2.4 million followers. 

Hushpuppi regularly posted on Instagram, and he was always dressed in high-end designer clothing, wore expensive watches, and traveled in charter jets or luxury cars.

See: BEC attack: Nikkei employee transfers $29 million to scammers

The law enforcement officials suspected that Abbas was financing his lavish lifestyle through illegal means of earning. His last Instagram post in June shows a Rolls-Royce with the hashtag AllMine and this caption from Hushpuppi:

“May success and prosperity not be a ‘once upon a time’ story in your life.”

According to the US Justice Department’s press release, Dubai police also collaborated with the FBI in Operation Fox Hunt 2. Last month Hushpuppi was arrested in Dubai and transported to the US, where he was presented in a Chicago court. 

According to court documents seen by Hackread.com, Ray Hushpuppi was operating a BEC (business email compromise) scheme through which he hacked corporate emails, and tricked company employees into transferring money to his accounts.

See: Hackers use Github bot to steal $1,200 in ETH within 100 seconds

Moreover, Ray Hushpuppi is accused of laundering millions of dollars that he stole through various scams and computer hackings. Some of his targets included U.S. law firm, a foreign bank, and the English Premier League soccer club.

“Abbas and others further conspired to launder hundreds of millions of dollars from other fraudulent schemes and computer intrusions, including one scheme to steal £100m (approximately $124m) from an English Premier League soccer club,” The DoJ stated.

The Dubai Police presented a video that shows officers storming inside Hushpuppi’s residence to arrest him while he slept. A series of coordinated raids followed suit; the police claim to have also arrested around a dozen alleged accomplices of Hushpuppi. If found guilty Hushpuppi may receive up to 20 years of jail time.

Tim Bandos, Vice President of Cybersecurity at Digital Guardian told Hackread.com that, “Because these highly lucrative attacks are succeeding, they will continue to attract more groups willing to attempt their methods. It’s time that businesses consider applying security to their business practices because IT security tools are not infallible against human behavior,” Bandos warned.
“As an example, train your staff to require third party validation for any financial transaction or introduce payment procedures requiring multiple sets of independent eyes. Malicious individuals are abusing the fact that junior staff implicitly trust their seniors and act quickly as instructed. You must put in place processes and beliefs that when unordinary requests come through they should be questioned,” Bandos emphasized.

BEC which is also known as “cyber-enabled financial fraud attacks” is part of a sophisticated scam in which cybercriminals target companies or employees dealing with finance and perform regular wire transfer payments.

In the second phase of the attack, cybercriminals attempt to get their hands on email addresses of these employees and impersonate as a business partner or key employee and send fraudulent requests for checks rather than wire transfers.

Last year, a US Judge was tricked into sending $1 million to a bank account in China. In the scam, cybercriminals pretended to be her lawyer asking to send money to a bank account. Following the instruction, she wired $1,057,500 to the bank account in China rather than her lawyer.

In another incident, Google and Facebook were also tricked by a Lithuanian man who impersonated as an employee of a famous Asian company. The scammer was using phishing emails to collect the details of wire transactions and other relevant details just to make his case more believable – In the end, he scammed both companies with $100 million.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Related Posts