Security News > 2022 > May > U.S. DoD tricked into paying $23.5 million to phishing actor
The U.S. Department of Justice has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense.
After an eight-day trial in Camden, California, Oyuntur was found guilty of conspiracy to commit wire, mail, and bank fraud, unauthorized device access, aggravated identity theft, and making false statements to federal law enforcement officers.
According to the criminal complaint against Oyuntur in 2019, the damage from the phishing fraud occurred in September 2018.
The phishing messages contained links to a cloned "Login.gov" website, where the victimized vendors entered their account details, unknowingly exposing them to Oyuntur.
In at least one confirmed case, Oyuntur logged onto one of the stolen accounts belonging to a corporation from Southeast Asia that had 11 active contracts of fuel provision for the United States military at the time.
One of them was a $23,453,350 contract with a pending payment for the provision of 10,080,000 gallons of jet fuel to the U.S. DoD. By logging in onto the SAM database as the victimized corporation, Oyuntur changed the registered banking information, replacing the foreign account with one that he controlled.