British individual accused of hacking email servers and computers in US banks; losses of more than $5 million USD

The U.S. Department of Justice (DOJ) has accused a British citizen of stealing money from investor accounts after hacking into email servers and computers in banks and brokerage houses, committing bank fraud for more than $5 million USD.

In the complaint, a total of 10 charges were filed against Idris Dayo Mustapha, accusing him of employing social engineering tactics, phishing and other means in order to obtain usernames and passwords to access online bank accounts between 2011 and 2018.

Prosecutors mention that Mustapha, originally from Nigeria, began by transferring money from the victims to his own accounts; after the banks identified the fraudulent activity, the defendant and his accomplices decided to conduct unauthorized stock trades in compromised accounts, while also conducting other lucrative operations.

Among the evidence presented by prosecutors is a conversation between the defendant and an alleged accomplice that took place in April 2016: “It is better to make constant transfers, not to make a direct fraud,” Mustapha said.

Breon Peace, the attorney general in Brooklyn, released a statement mentioning that Mustapha was part of a cybercriminal group that caused millions of dollars in losses to hundreds of victims in the U.S., participating in all kinds of cybercrimes.

Mustapha was arrested in the UK at the end of 2021; the DOJ has already requested his extradition. If convicted, Mustapha could face a sentence of up to 20 years in prison for each of the charges against him, including wire fraud, securities fraud, money laundering and aggravated identity theft.

In 2016, the U.S. Securities and Exchange Commission (SEC) successfully requested an asset freeze against Mustapha in a civil lawsuit in Manhattan, an investigation related to a hack against stock market investors.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.