Skip to main content
Press Release

Nigerian National Pleads Guilty To Participating In Scheme To Conduct Cyber Intrusions To Steal Payroll Deposits

For Immediate Release
U.S. Attorney's Office, Southern District of New York

Damian Williams, the United States Attorney for the Southern District of New York, announced that CHARLES ONUS pled guilty to computer fraud in connection with a scheme to conduct cyber intrusions in order to steal payroll deposits from multiple user accounts maintained by a company that provides human resources and payroll services to employers across the United States.  ONUS was previously arrested on April 14, 2021 in San Francisco while traveling to the United States from Nigeria and has been detained since his arrest.  ONUS pled guilty today before U.S. District Judge Paul G. Gardephe.  

U.S. Attorney Damian Williams said:   “Charles Onus admitted to participating in a scheme to steal hundreds of thousands of hard-earned dollars from workers across the United States by hacking into a payroll company’s system and diverting payroll deposits to prepaid debit cards he controlled.  Our Office will continue to work with our law enforcement partners to zealously arrest and prosecute those who seek to commit cybercrimes targeting Americans from behind a keyboard abroad.”

According to the Indictment, public court filings, and statements made in court: 

From at least in or about July 2017 through at least in or about 2018, ONUS participated in a scheme to conduct cyber intrusions of multiple user accounts maintained by a company that provides human resources and payroll services to employers across the United States (the “Company”), in order to steal payroll deposits processed by the Company.

During the course of the scheme, unauthorized access was obtained to over 5,500 Company user accounts through a cyber intrusion technique referred to as “credential stuffing.”  During a credential stuffing attack, a cyber threat actor collects stolen credentials, or username and password pairs, obtained from other large-scale data breaches of other companies.  The threat actor then systematically attempts to use those stolen credentials to obtain unauthorized access to accounts held by the same user with other companies and providers, to compromise accounts where the user has maintained the same password.

After a Company user account was compromised, the bank account information designated by the user of the account was changed so that ONUS would receive the user’s payroll to a prepaid debit card that was under ONUS’s control. 

From at least in or about July 2017 through at least in or about 2018, at least approximately 5,500 Company user accounts were compromised and more than approximately $800,000 in payroll funds were fraudulently diverted to prepaid debit cards, including those under the control of ONUS.  The compromised Company user accounts were associated with employers whose payroll was processed by the Company, including employers located in the Southern District of New York.

ONUS was arrested on April 14, 2021 at San Francisco International Airport after arriving on a flight from Abuja, Nigeria.  According to statements ONUS made to U.S. Customs and Border Protection at the airport, ONUS was traveling to the United States for a two-week vacation in Las Vegas.

*                *                *

ONUS, 34, a resident and national of the Federal Republic of Nigeria, pled guilty to one count of computer fraud for unauthorized access to a protected computer to further intended fraud, which carries a maximum sentence of five years in prison.  The maximum potential sentence in this case is prescribed by Congress and is provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.

ONUS is scheduled be sentenced on May 12, 2022, by Judge Gardephe. 

Mr. Williams praised the outstanding investigative work of the FBI and IRS-CI.  Mr. Williams also thanked the New York City Police Department, the FBI New York Cyber Task Force, U.S. Customs and Border Protection, and the FBI Field Office in San Francisco for their assistance in the investigation of this case.

The prosecution of this case is being handled by the Office’s Complex Frauds and Cybercrime Unit.  Assistant United States Attorney Sagar K. Ravi is in charge of the prosecution.

Contact

Nicholas Biase
(212) 637-2600

Updated February 22, 2022

Topic
Financial Fraud
Press Release Number: 22-055