Two Nigerian men who were part of a conspiracy to gather personal financial information from local government employees and the State of Vermont have had their day in court. The crime included “spear-phishing” emails that were sent to unsuspecting recipients expecting to click on a link from the human resources departments of their employers. Information stolen consisted of usernames and passwords that allowed these hackers access to important data. The data illegally gathered made it possible for Eneye Dania and Osariemen Isibor of Nigeria to file fraudulent tax returns.

“Phishing” and “Spear-Phishing” described by federal criminal defense lawyers in Burlington, Vermont:

  • “Phishing” is a serious crime where cyber thieves send official-looking emails to your account. You believe it is a real and trustworthy source, but instead, when you click on the link, you are led to a counterfeit website where you enter sensitive information.
  • “Spear phishing” takes a more direct approach. Those involved in stealing information target certain people within a group, finding something in common with all of them, such as where they are employed, their bank, or where they graduated from college. These criminal emails will be from someone that victims of this crime would typically receive emails from, allowing the cyber thieves to have the upper hand in the situation. When substantial information has been gained, they can then hack into entire companies’ networks. Hackers may also use the financial information gained, such as credit card credentials and bank account numbers, to steal money and create entirely new identities. In many cases, the misleading links in these emails will have malware that can hijack computers.

As in the crime above, spear phishing can be done thousands of miles away. In the case described above, however, the defendants traveled from Nigeria to the United States, unaware that agents with the Federal Bureau of Investigation were on to their scheme. Officials with FBI Albany Cyber Task Force and agents with the Internal Revenue Service’s Criminal Investigations Division in Vermont investigated the crime. Charges were then filed against Eneye Dania and Osariemen Isibor of Nigeria.

Dania was represented by Attorney Robert Sussman. Osariemen’s defense was Attorney Paul Volk. Both men will be removed from the United States after their sentences are served.

This case shows that anyone can be at risk of receiving a spear-phishing email. However, there are ways to protect yourself from falling prey to cyber hackers who have signaled you out for a crime. Some practical things to remember include remembering that most financial institutions, companies, or agencies will not contact you via email to request sensitive information. Also, there are often phishing filters built in your web browser to help keep you safe. Remembering not to follow a URL but type it in manually into your browser is another way to prevent spear phishing from becoming your reality.

Spear phishing is a serious crime, and anyone can become a victim of these conspiracies even with precautions taken.