The 34-year-old Nigerian national is accused of stealing payroll deposits processed by a company that provides human resources and payroll services to employers across the U.S.
Onus allegedly participated in a scheme from about July 2017 to 2018 to conduct cyber intrusions of multiple user accounts maintained by the company.
During this period, 5,500 company user accounts were compromised and more than $800,000 in payroll funds were fraudulently diverted to prepaid debit cards, including those under Onus’s control.
The compromised accounts were associated with employers whose payroll was processed by the company, including employers located in New York, USA.
On April 14, 2021, Onus was arrested in San Francisco, California, USA and detained. On June 2, 2021, he was presented in federal court in Manhattan, New York City, New York before Magistrate Judge Sarah L. Cave.
According to Manhattan U.S. Attorney Audrey Strauss, Onus committed the crime “as effectively as someone who commits bank burglary but with no need for a blowtorch or bolt-cutters.”
“As alleged, Onus did this as effectively as someone who commits bank burglary, but with no need for a blowtorch or bolt-cutters. Thanks to the FBI and IRS-CI, Onus is in custody and facing serious federal charges,” the statement by the justice department said.
“From at least in or about July 2017 through at least in or about 2018, ONUS participated in a scheme to conduct cyber intrusions of multiple user accounts maintained by a company that provides human resources and payroll services to employers across the United States (the “Company”), in order to steal payroll deposits processed by the Company.
“During the course of the scheme, unauthorized access was obtained to over 5,500 Company user accounts through a cyber intrusion technique referred to as ‘credential stuffing’.
“After ONUS successfully gained unauthorized access to a Company user account, he changed the bank account information designated by the user of the account so that ONUS would receive the user’s payroll to a prepaid debit card that was under ONUS’s control.
“From at least in or about July 2017 through at least in or about 2018, at least approximately 5,500 Company user accounts were compromised and more than approximately $800,000 in payroll funds were fraudulently diverted to prepaid debit cards, including those under the control of ONUS. The compromised Company user accounts were associated with employers whose payroll was processed by the Company, including employers located in the Southern District of New York.”
The 34-year-old suspect was charged with one count of computer fraud for causing damage to a protected computer; one count of computer fraud for unauthorised access to a protected computer to further intended fraud; one count of wire fraud, and one count of receipt of stolen money, and one count of aggravated identity theft.
The development comes three weeks after Abidemi Rufai, an aide to Dapo Abiodun, Ogun state governor, was arrested over alleged $350,000 fraud in the US.