A 40-year-old man from Northridge, CA., was convicted on six counts connected to the theft of over $23 million from the US Department of Defense (DoD) through a phishing scheme.
According to court documents, Sercan Oyuntur and several co-conspirators targeted a corporation in 2018 that had a contract with the DoD to supply jet fuel to troops in southeast Asia.
They specifically targeted employees who were responsible for communicating with the federal government.
“Through a complex phishing scheme, Oyuntur and criminal conspirators in Germany, Turkey, and New Jersey targeted the corporation and the individual so that the conspirators could steal money that DoD intended to pay to the corporation for providing jet fuel,” said the US Department of Justice (DOJ) in a press release on April 29.
In order to pull off this scheme, Oyuntur and his associates created fake email accounts and designed fraudulent web pages to deceive the fuel supplier’s employees into believing they were communicating with the General Services Administration’s (GSA) public-facing website.
“These emails appeared to be legitimate communications from the United States government, but were actually sent by the conspirators, and contained electronic links that automatically took individuals to the phishing pages,” added the DOJ. “There, they saw what appeared to be a GSA website and were prompted to enter their confidential login credentials, which were then used by the conspirators to make changes in the government systems and ultimately divert money to the conspirators.”
Based on the fraudulent activities of Oyuntur and his associates, on Oct. 10, 2018, the DoD transferred $23.5 million into accounts controlled by the cybercriminals.
Oyuntur was convicted on April 28 of one count of conspiracy to commit wire, mail and bank fraud; two counts of bank fraud; one count of using an unauthorized access device to commit fraud; one count of aggravated identity theft; and one count of making false statements to federal law enforcement officers.
The conspiracy and bank fraud charges each carry a maximum potential prison sentence of 30 years.