California Man Convicted Over $23 Million Phishing Scheme

Colin Thierry Colin Thierry
Published on: May 6, 2022
California Man Convicted Over $23 Million Phishing Scheme

A 40-year-old man from Northridge, CA., was convicted on six counts connected to the theft of over $23 million from the US Department of Defense (DoD) through a phishing scheme.

According to court documents, Sercan Oyuntur and several co-conspirators targeted a corporation in 2018 that had a contract with the DoD to supply jet fuel to troops in southeast Asia.

They specifically targeted employees who were responsible for communicating with the federal government.

“Through a complex phishing scheme, Oyuntur and criminal conspirators in Germany, Turkey, and New Jersey targeted the corporation and the individual so that the conspirators could steal money that DoD intended to pay to the corporation for providing jet fuel,” said the US Department of Justice (DOJ) in a press release on April 29.

In order to pull off this scheme, Oyuntur and his associates created fake email accounts and designed fraudulent web pages to deceive the fuel supplier’s employees into believing they were communicating with the General Services Administration’s (GSA) public-facing website.

“These emails appeared to be legitimate communications from the United States government, but were actually sent by the conspirators, and contained electronic links that automatically took individuals to the phishing pages,” added the DOJ. “There, they saw what appeared to be a GSA website and were prompted to enter their confidential login credentials, which were then used by the conspirators to make changes in the government systems and ultimately divert money to the conspirators.”

Based on the fraudulent activities of Oyuntur and his associates, on Oct. 10, 2018, the DoD transferred $23.5 million into accounts controlled by the cybercriminals.

Oyuntur was convicted on April 28 of one count of conspiracy to commit wire, mail and bank fraud; two counts of bank fraud; one count of using an unauthorized access device to commit fraud; one count of aggravated identity theft; and one count of making false statements to federal law enforcement officers.

The conspiracy and bank fraud charges each carry a maximum potential prison sentence of 30 years.

About the Author

Colin Thierry
Colin Thierry
Cybersecurity researcher and journalist
Published on: May 6, 2022

About the Author

Colin Thierry is a cybersecurity researcher and journalist who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.