The Federal Bureau of Investigation (FBI) has arrested a Nigerian, Charles Onus, for allegedly participating in a scheme that diverted the funds of about 5,500 workers.
According to the Manhattan U.S. Attorney, Audrey Strauss: “Charles Onus allegedly participated in a scheme that stole nearly $1 million by hacking into a payroll processing company’s system to access user accounts and divert payroll to prepaid debit cards he controlled.
According to the allegations filed against Onus in the federal court.
“From at least in or about July 2017 through at least in or about 2018, ONUS participated in a scheme to conduct cyber intrusions of multiple user accounts maintained by a company that provides human resources and payroll services to employers across the United States (the “Company”), in order to steal payroll deposits processed by the Company.
“During the course of the scheme, unauthorized access was obtained to over 5,500 Company user accounts through a cyber intrusion technique referred to as “credential stuffing.” During a credential stuffing attack, a cyber threat actor collects stolen credentials, or username and password pairs, obtained from other large-scale data breaches of other companies.
“The threat actor then systematically attempts to use those stolen credentials to obtain unauthorized access to accounts held by the same user with other companies and providers, to compromise accounts where the user has maintained the same password.
“After Onus successfully gained unauthorized access to a Company user account, he changed the bank account information designated by the user of the account so that he would receive the user’s payroll to a prepaid debit card that was under his control.”
