Site icon Sophos News

“Gucci Master” business email scammer Hushpuppi gets 11 years

He was sentenced under his real-life name of Ramon, but in back in his boastful days of pretending to be a seriously successful real estate agent based in Dubai, you may have seen and heard of him as Ray, or, to give him his full nickname, Ray Hushpuppi.

To be clear, Ramon Olorunwa Abbas wasn’t pretending to have lots of money, but he was pretending to have acquired his money by legitimate means.

His now-shuttered Instagram account was awash with show-off photos promenading the extent of his wealth, including fancy cars (see featured image at top of article), luxury travel by private jet, and high-ticket shopping trips:

Unfortunately for Abbas, who allegedly referred to himself on Snapchat as The Billionaire Gucci Master!!!, and fortunately for the numerous victims of his criminality, the photos above were featured in a US Department of Justice charge sheet signed in June 2020 by FBI Special Agent Andrew Innocenti and approved by US Magistrate Judge Rozella Oliver:

https://nakedsecurity.sophos.com/2020/07/07/flashy-nigerian-instagram-star-extradited-to-us-to-face-bec-charges/

Grabbed and nabbed

Abbas was charged with the crime of Conspiracy to Engage in Money Laundering, quickly arrested by the Dubai police, and extradited to the US where he has been behind bars ever since.

As we wrote back in 2020:

Maximum prison sentences are rarely handed out. But if Abbas gets convicted of conspiracy to engage in money laundering, and if he happens to be the unlucky exception to this general rule, he’ll be looking at a maximum sentence of 20 years in federal prison.

Well, more than two years later, Hushpuppi has pleaded guilty to the charge and been sentenced, and although he didn’t get the maximum prison term, United States District Judge Otis Wright gave him 135 months, which is just over 11 years. (We assume this will include the time already that Puppi has already spent in custody.)

He’s also required to pay back more than $1.7m in restitution to two specific victims whom Abbas admitted to defrauding as part of his plea agreement: $922,857 to a law firm in New York, and $809,983 to a businessperson in Qatar.

The original charge sheet setting out that Abbas indeed had a case to answer, and should therefore be arrested and brought to the US, makes fascinating reading.

It includes extracts from Hushpuppi’s correspondence with various co-consipirators, including a money launderer from Canada called Ghaleb Alaumary, who was sentenced to 140 months (11 years 8 months) in a US prison last year, and ordered to repay a whopping $30m.

Crooks versus the banks

The conversations recorded by the investigating officer give an intriguing insight into how so-called Business Email Compromise (BEC) criminals try to sneak past the fraud prevention measures that the banks have put in place.

Here, you can see them talking to each other about transfer problems, and offering advice on those banks or countries that should be avoided because the transfers will trigger warnings:

I sent 1.1m pound to acc they said open ben in uk money landed and now they asking questions

An open ben, or “open beneficiary”, is explained by the investigator as “an account where a different business account name can be substituted to help in deceiving the victim into sending funds.”

Bro I can’t keep collecting houses n not give them a feed back n keep asking for more. This things cost a lot of money now to open.

A house in this context is BEC slang for “a bank account used to receive proceeds of a fraudulent scheme”, because it provides a temporary home for funds.

Presumably, the money launderer’s contacts – other cogs in the cybercrime gearbox who send out so-called money mules to open accounts that are later used for fraud – were pushing back against the “cost” of going through face-to-face KYC (know your customer) checks to open accounts that ended up getting linked to criminality right away.

Brother I can’t send from uk to Mexico they keep finding out, but uk 2 uk these guy keep paying

Here, the money launderer is suggesting that fraudulent transfers kept inside the UK are likely to go through, whereas trying to get money out of the country is likely to provoke more detailed checks and trigger a block.

BEC explained

As you probably know, BEC is an umbrella term used to describe email-driven cybercrime where electronic messages (which often look perfectly genuine because they’re sent from a compromised account inside your own company) are used to persuade someone in the finance department to change the recipient’s account details just before a major payment is due.

BEC criminals can target the compromised company directly, by tricking someone in your own Accounts Payable department into thinking that a supplier just swapped banks and is requesting their forthcoming payments to be made to a new account.

Worse still, BEC crooks can target your customers, by tricking their Accounts Payable staff, under cover of fraudulent emails that really do originate from your company, that your company has switched banks and requires future debtor payments to go to a new account.

As you can imagine, customers defrauded in this way might not realise that their “successful” payments have been going astray (assuming that the transfers to the fraudulent “house” don’t get spotted by the bank)…

…until your own accounts department notices they’re apparently behind on payments and sets the debt collection team onto them.

That sort of confrontation is almost certain to lead to a doubly-angry customer, and the resulting data breach publicity really is something you could do without, alongside the likely need to make good your customer’s loss if the bank can’t claw back the funds.

What to do?

We know that banks are able to head off significant amounts of BEC-style fraud, but that plenty of the stolen money nevertheless ends up in the hands of scammers, because the DOJ remarks that:

“By his own admission, during just an 18-month period defendant conspired to launder over $300 million,” prosecutors wrote in a sentencing memorandum. “While much of this intended loss did not ultimately materialize, [Abbas’s] willingness and ability to participate in large-scale money laundering highlights the seriousness of his criminal conduct.”

Here are some tips you can follow to reduce the risk of getting scammed by the Hushpuppis of the world:



Exit mobile version