San Diego, California - Amil Hassan Raage pleaded guilty to fraudulently receiving almost $750,000 as part of a spear phishing scheme. (Spear-phishing is when an unwitting victim responds to a bogus email, which the victim believes is from a trusted sender, and reveals confidential information to the fraudsters.)
On July 23, 2018, the University of California San Diego (UCSD) received a spear phishing email from a fraudulent Dell email account instructing UCSD to redirect its payments meant for Dell equipment and services to Raage’s Wells Fargo bank account in Minnesota. Believing that the email was from a legitimate Dell employee, UCSD followed the instructions and redirected payment.
The email actually originated from one of Raage’s co-conspirators in Kenya. From August 8 through September 12, 2018, UCSD sent Raage 28 payments totaling $749,158.37. Each time UCSD wired money to Raage’s account, Raage would promptly withdraw the money or transfer it to another account. When UCSD learned of the fraud, it halted payments.
UCSD was not alone. Raage and his co-conspirators perpetrated a similar scheme on another university, this one in Pennsylvania. Again, a co-conspirator in Kenya used a falsified Dell account to instruct the Pennsylvania university to redirect its Dell payments to a bank account in Minnesota again controlled by Raage. Over the month of January 2018, the Pennsylvania university wired six payments totaling $123,643.77 to Raage’s bank account before the university was alerted to the fraud and stopped payments.
After the bank froze Raage’s accounts, he fled to Kenya on September 22, 2018. Working with Kenyan law enforcement, the FBI’s Legal Attaché in Kenya, and the Department of Justice’s Office of International Affairs, Kenyan police arrested Raage on May 7, 2019, and extradited back to the United States on May 23, 2019, to face prosecution for his involvement in this theft.
“Modern criminals like Raage have ditched the ski mask and getaway vehicle and opted for a computer as their weapon of choice,” said U.S. Attorney Robert Brewer. “As this defendant has learned, we are matching wits with new-age thieves and successfully tracking them down and putting an end to their high-tech deception.”
“As exemplified by this outstanding result, criminals who operate in cyberspace falsely believe themselves to be beyond the reach of law enforcement, but they are sorely mistaken,” said FBI Special Agent-In-Charge Scott Brunner. “Our agents will relentlessly pursue justice, aided by our foreign partners. Thank you to the Kenyan National Police and the Office of International Affairs for their invaluable assistance in bringing Mr. Raage before the bar of justice.”
This type of spear phishing activity has been on the rise, especially for universities, local governments and other entities with procurement paperwork available on-line.
If you or your business or organization have been victimized by an email compromise scam, such as this one, it is important to act quickly. Contact your financial institution immediately and request that they contact the financial institution where the fraudulent transfer was sent. Next, call the FBI at 1-800-CALL-FBI and also file a complaint—regardless of dollar loss—with the FBI’s Internet Crime Complaint Center (IC3).
Raage’s sentencing is set for 8:30 a.m. on October 11, 2019, before U.S. District Judge Gonzalo P. Curiel.
DEFENDANT Case Number: 18CR4858-GPC
Amil Hassan Raage Age: 48
SUMMARY OF CHARGE
Conspiracy to Commit Wire Fraud, in violation of Title 18 United States Code, Sections 1349
Maximum Penalty: Twenty years in prison
Federal Bureau of Investigation, San Diego Division
Kenya Police Service
Director of Public Prosecutions, Kenya
Legal Attaché, U.S. Embassy, Nairobi, Kenya
U.S. Department of Justice, Office of International Affairs