Friday, May 04, 2012

Waya Nwaki pleads guilty in globe-spanning phishing ring

We often hear complaints from our Banking friends about criminals in Nigeria. Today's story is another example of the truth that in 2012, there is no place left to hide. Back in April 2011, FBI New Jersey presented their case to the Grand Jury in the form of a sealed indictment accusing several criminals of phishing:

Karlis Karklins
Charles Umeh Chidi
Waya Nwaki (AKA Prince Abuja, AKA USAPrince12k)
Osarhieme Uyi Obaygbona (AKA bside)
Marvin Dion HIll (AKA Nyhiar Da Boss, AKA Nihiar Springs)
Alphonsus Osuala
Olaniyi Jones

The case was officially unsealed on January 20, 2012, as the suspects were rounded up, chiefly Olaniyi Jones Makinde, who was arrested that week in Lagos, Nigeria:

(click for original in

Romance: Nigeria Style

Although this is what would normally be thought of as a "Nigerian Scam Ring" many of the players were already in the United States and had been for some time. Olaniyi, pictured above, is better known to Americans as his romantic alter ego, Brenda Stuart (, age 35, London, b.Feb 21, 1977)

"Brenda" would "fall in love" with various men that "she" met online, and then have various financial hardships which required the men to send money to her overseas accounts. Several "Money Mules" (called "Maga" in the Nigerian lingo) would assist with getting the money back to Jones via Western Union or Moneygram.

According to BekkyBlog Olaniyi Victor Makinde, also known as Andrea Bradley and Olaniyi Jones was originally arrested on September 6, 2011 by FBI agents working with Nigerian authorities on charges brought by the San Francisco division of the FBI related to two marriage scams where he harvested $620,225.04 from two American victims, Marilou Sibbaluca and John Massoni. While waiting in the Olokuta medium prison, he was charged again in the current New Jersey case. According to the blogger, Olanyiy was a recent graduate of the University of Ado Ekiti.

Criminal History in US

Waya Nwaki and Alphonsis Osuala should have been fairly easy to find. Rather than being in Nigeria, they were already in prison in Georgia. They had been arrested in Belvedere, South Carolina all the way back in April 20, 2005. They recruited a "white guy", Douglas Hudson, to go into a bank and cash a check for $2950 in a Bank of America branch while they waited outside in their silver Lincoln Navigator. Later that day they did the same scam, using a copy of the same check, in Aiken, South Carolina. Aiken, who was carrying a counterfeit resident alien card in the name of Steven Ratzlaff, was arrested in the bank by Lieutenant Farmer of the Aiken Department of Public Safety, while his colleague Officer Wilson pulled over the suspicious Lincoln Navigator and searched it, finding $17,000 in cash under the driver's seat, and a fake soda can containing six more copies of the same check. Nwaki was paying Hudosn $500 for each check they succesfully cashed, and theat they had done five successful scams in the previous two days. After being released, they were apparently back on the street for a while before being rearrested in Georgia.


The more recent scams were pure phishing. The six US-based codefendants worked with Jones to steal money from Payroll Processors ADP and Intuit as well as several banks. Karklins and Chidi would email phishing and spear-phishing attacks to the banking customers to lure them to phishing sites - fake bank websites that would be used to gather login credentials. As has been a growing trend, some of the credentials were used to do telephone transactions with the banks, instead of trying to use their online systems, which often have more fraud protection in place. Once the money was available, the criminals sent wire transfers to bank accounts in the United States, Mexico, the United Kingdom, Latvia, France, Bulgaria, Russia, and Nigeria. $3.5 million in wire transfers were attempted and $1.3 million were successfully withdrawn. This activity spanned a couple years, beginning at least as early as November 2009, when Karklins was setting up Chase Bank phishing sites. In January 2010 they added an ADP scam, and successfully harvested credentials for at least 27 sets of userids and passwords. These Payroll accounts allowed them to establish imaginary employees in various companies who received payments along with the real employees each payday until they were discovered. Karklins and Chidi would email Nwaki credentials for high value phishing accounts that they came across so that Nwaki could gather the money. It seems they ignored low value balances and focused only on taking the money from the high value accounts. Notices would go to Nwaki such as "28k chase, male, login yourself for check copy." or "CHASE 13.8k = male, age 32" or "BOA Business 25k + mail access". In February 2010, an Regions Bank account operated by defendant Hill was used to wire money to Bulgaria and Latvia. Nwaki also provided login credentials for a "50k drop" that was sent to the Regions account. Of the more than $1.3 million stolen, more than $300,000 of the funds were sent to a J.M. Sovereign Account operated by Jones in Nigeria.