The details are shocking. A flashy 24-year old Cameroonian man who drove a Bentley Continental, a Porsche and a Land Rover, and made a hip-hop video documenting his life as a club denizen in D.C. area nightspots as well as claimed to run a media production business, was in reality the ringleader of a global cybercriminal organization operating from Maryland in the United States.
His scams reached from Greenbelt, College Park and Bowie in Maryland to South Africa, West Africa and Europe.
His real name is Aldrin Fon Fomukong but on the dark web and in Washington DC night clubs, he was known as “Albanky“.
His schemes cost 13 victims across the U.S. $4.2 million over many months.
With his crew of about 20 collaborators, Aldrin Fon Fomukong or Albanky, ran what prosecutors described as destructive series of email frauds.
The sophisticated frauds netted the cybercriminals 4.2 million dollars and pushed their victims to the brink of financial ruin.
“The wire fraud and money laundering scheme was documented by prosecutors who have secured six guilty pleas sending at least one scammer to federal prison for more than seven years,” reported wusa9.com
Fomukong, the ringleader, will soon know his sentence.
“Between February 2016 and in or about July 2017, Fomukong and his co-conspirators gained access to email accounts associated with the victims and sent false wiring instructions, causing the victims’ financial institutions to wire millions of dollars into drop accounts set up by the defendants,” the Maryland District of the U.S. Attorney’s office announced in a written statement in 2018.
Court documents showed that Fomukong’s partners in crime were a skilled group of South Africa-based hackers known for a fraud tactic called “spearfishing.”
According to wusa9.com, “the tactic involves breaking into email accounts by baiting users to click into convincing-looking links that secretly download coded instructions that allow the hackers to monitor the mail, collect critical information and then launch a highly-targeted, convincing fraudulent attack”.
“But the collaborators overseas needed a crew in the U.S. to set up legitimate-looking accounts to launder and send stolen money offshore quickly. That’s where Fomukong and his collaborators in the U.S. came in”.
They set up legitimate bank accounts in the United States and would even travel to Texas or Louisiana to withdraw cash or checks in person before the fraud was detected and stopped.
Wusa9.com said one collaborator, 23-year-old Carlson Cho, who was known as “Uncle Tiga2,” of Braintree, Massachusetts, was especially crucial because he worked right at Bank of America.
Cho, who also has Cameroonian roots, posted photos of himself in a U.S. Marine uniform.
“Cho’s conduct was especially egregious,” prosecutors wrote in a recently filed sentencing memorandum. “He was a Bank of America employee, a position which allowed him to fraudulently authorize large wire transactions to launder (or attempt to launder) victim funds to bank accounts outside the United States, including South Africa, Cameroon, the Czech Republic and Poland.”
“Cho laundered over $1 million of victim funds out of the country using his position as a Bank of America employee and caused an intended loss to Victims C, D, L and M of over $3.3 million,” prosecutors said.
Prosecutors said the scammers sent more than $300,000 to Fomukong’s mother in Cameroon.
Prosecutors wrote how individual and business email accounts were phished allowing the scammers to gain access.
“The members then sent false wiring instructions to the victims’ email accounts from spoofed email accounts,” prosecutors said. “These spoofed email accounts resembled legitimate email accounts for title companies, vendors, and other businesses and individuals from whom the victims were expecting wire instructions.”
One example provided a deep look at the vulnerabilities exploited by the attacks.
“Victim F learned that an outside party breached the accounting manager’s email address and added a ‘rule’ to the mailbox wherein all emails that matched certain criteria would be automatically forwarded to a conspirator’s email account,” prosecutors said.
“Additionally, the true emails would be forwarded to an inbox where they would go unnoticed. The outside party thereafter edited intercepted emails by changing the sender’s email address and bank wire instructions. After the alteration, the fraudulent email was sent to the accounting manager, resulting in the wire transfer of $50,703.00”.
The victim had no idea he’d been robbed until he was called by a client about a wire transfer that was expected but not received, prosecutors said.