HomeTechnologyNewsUS Department of Defense tricked into paying $23.5 million to phishing actor

US Department of Defense tricked into paying $23.5 million to phishing actor


The US Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, of California, on multiple counts related to a phishing operation that caused $23.5 million in damage to the US Department of Defense (DoD).

The scammer managed to divert Department of Defense funds intended for a jet fuel supplier to his personal bank account.

After an eight-day trial in Camden, California, Oyuntur was convicted of conspiracy to commit wire, mail, and bank fraud, unauthorized access to devices, aggravated identity theft, and making false statements to federal law enforcement officials.

phishing operation

According to the criminal complaint filed against Oyuntur in 2019, the damages from the phishing fraud occurred in September 2018.

Oyuntur and his co-conspirators registered the domain “dia-mil.com”, which is very similar to the legitimate “dla.mil”, and used it to send phishing emails.

These emails were sent to users of SAM (Sistema para la Administración de Premios), which is a supplier database where companies wishing to do business with the Federal Government are registered.

The phishing messages contained links to a cloned “login.gov” website, where victim sellers entered their account details, unknowingly exposing them to Oyuntur.

In at least one confirmed case, Oyuntur logged into one of the stolen accounts belonging to a Southeast Asian corporation that had 11 active fueling contracts for the US military at the time.

One was a $23,453,350 contract with outstanding payment for the supply of 10,080,000 gallons of jet fuel to the US Department of Defense.

By logging into SAM’s database as the victim corporation, Oyuntur changed the bank information on file, replacing the foreign account with one he controlled.

Attempt to overcome safeguards

At the time, the Department of Defense’s EBS servers featured a security system that scanned the SAM database every 24 hours for bank account changes and blocked pending bill payments that met specific risk criteria.

The conspirators ran into this problem after the bank account change and resorted to calling the DLA (Defense Logistics Agency), providing false explanations, and requesting manual approval of the financial information changes.

In October 2018, the payment was made. Oyuntur and his co-conspirators used falsified car sales invoices from a dealership to falsify an apparently legitimate source of the hefty sum.

“As part of his involvement in the scheme, Oyuntur worked closely with another co-conspirator, Hurriyet Arslan, owner of a used car dealership, Deal Automotive Sales, in Florence, New Jersey.”

“Arslan opened an independent shell company based in New Jersey to use in the criminal scheme, obtained a mobile phone number for the shell company, hired someone else to pose as the owner of the shell company, and opened an account. bank in the name of the fictitious company”. company “- the US Department of Justice.

However, the dealer used in the scheme was not a government contractor and was not registered with SAM, so the transaction still did not match existing automated verification systems.

As a result, an investigation was launched, gradually uncovering all the steps of the fraud, identifying one of Oyuntur’s conspirators, Hurriyet Arslan, owner of the car dealership, and reversing the transaction.

Arslan pleaded guilty to conspiracy, bank fraud and money laundering in January 2020 and is scheduled to be sentenced this summer.

Oyuntur faces a potential maximum penalty of 30 years in prison and a maximum fine of $1,000,000 or twice the gross earnings of the loss resulting from his crimes. The sentencing date has not yet been set.

Must Read

%d bloggers like this: