British-Nigerian Singer Accused of Stealing Over $5,000,000 from U.S Institutions
British-Nigerian singer Idris Dayo Mustapha has been charged for cybercrime activities in New York, U.S. He was accused by the U.S. Department of Justice of committing cybercrime activities between 2011 and 2018 resulting in financial loss of over $5,000,000 on U.S institutions.
The 32 year old was said to have been conducting unauthorized stock trades from the victim’s account after gaining access to their email usernames and passwords. it was reported from a 10-count complaint on Tuesday that he used phishing attacks to obtain people’s credentials.
By accessing the email, he was able to gain access to the victim’s confidential information and further his activities.
According to further reports, the Lagos native, Mustapha, had teamed up with a Lithuanian to conduct these operations. The conspirators performed various transactions using other people’s brokerage accounts and conducted social engineering against financial institution employees, requesting wire transfers to overseas bank accounts.
Once banks start blocking transfers, they will make unauthorized stock transactions from the victim’s account while at the same time making profitable trades in the same stock from their own accounts.
The U.S. Attorney, Breon Peace, stated that the defendant was part of a nefarious group that caused millions of dollars in losses to victims by engaging in a litany of cybercrimes, including widespread hacking, fraud, brokerage accounts, and trading in the names of the victims.
U.S. Court Orders Asset Freeze
In 2016, the U.S. Security and Exchange Commission won an asset freeze against Mustapha in a Manhattan civil lawsuit also concerning his alleged hacking of brokerage accounts. He was arrested in the United Kingdom in August 2021 after having caused financial damages of over $5,000,000.
The United States is currently trying to extradite Mustapha from the United Kingdom to face trial in the District Court located in New York. He has been charged with wire fraud, computer intrusion and breach, aggravated identity theft, and access device fraud with a minimum penalty of 20 years imprisonment.