Texas man sent millions of phishing emails and managed to steal hundreds of credit card numbers

A man who hacked into the systems of the Los Angeles Superior Court (LASC) to conduct a mass phishing campaign has been sentenced to 12 years behind bars.

The 33-year-old was charged with one count of conspiracy to commit wire fraud, 15 counts of wire fraud, one count of attempted wire fraud, one count of unauthorized impairment of a protected computer, five counts of unauthorized access to a protected computer to obtain information, and four counts of aggravated identity theft.

Oriyomi Sadiq Aloba, 33, of Katy, Texas, was found guilty following a three-day hearing in July, the US Department of Justice (DoJ) said on Monday.

This week, United States District Judge Gary Klausner sentenced Aloba to 145 months in federal prison and ordered him to pay $47,479 in restitution.

Targeted phishing attack

In July 2017, Aloba and co-conspirators targeted LASC. A court employee’s email account was compromised through phishing and provided the leverage to send out emails to co-workers requesting their email account credentials.

Thousands of court staff received the email, crafted to appear from Dropbox, and hundreds fell for the scheme.

Now armed with a cache of email accounts to abuse, the fraudsters sent out roughly two million phishing messages, branded to appear as coming from companies including American Express and Wells Fargo.


READ MORE Domain squatting malfeasance ratchets up ahead of US presidential election


The emails contained links to malicious domains and attempted to coax prospective marks into handing over the bank login or payment card details.

Hundreds of credit card numbers were stolen through the scheme, with the looted information programmed to be sent automatically to an email account controlled by Aloba.

‘Thumb drive in a toilet’

After identifying him as a suspect, police executed a warrant at Aloba’s home address, leading to the seizure of material the suspect had allegedly attempted to destroy.

Police recovered a “a thumb drive in a toilet, a damaged iPhone in a bathroom sink, and a laptop computer with a smashed screen that was smeared with fresh blood.

Nearby, agents found a broken mug, which apparently was used to smash the laptop computer, and observed blood on Aloba’s hands.”

Substantial disruption

Prosecutors say the phishing campaign resulted in “substantial disruption to the administration of the LASC, including taking hundreds of employees offline for hours, at a minimum, and possibly days,” as well as over $45,000 in losses.

Aloba’s targeting of the “largest court system in the world… merits special attention,” prosecutors wrote in a sentencing memorandum.

A co-defendant, Robert Charles Nicholson (AKA “Million$Menace”) , 28, from Brooklyn, New York, pleaded guilty in June to one count of conspiracy to commit wire fraud.

Nicholson faces a November 4 sentencing hearing.

Three other defendants allegedly hired by Aloba to create the “phishing kits”, remain at large outside the US.

The case was investigated by the FBI and the Los Angeles County District Attorney’s Office.


YOU MIGHT ALSO LIKE Crypto-exchange admins targeted with malware-ridden app