The day after his 29th birthday in May, Olalekan Jacob Ponle posted a picture on his Instagram standing next to a bright yellow Lamborghini in Dubai.
“Stop letting people make you feel guilty for the wealth you’ve acquired,” he admonished, wearing designer jewellery and Gucci clothes from head to toe.
A month later, the Nigerian, who goes by the name “mrwoodbery” on Instagram, was arrested by Dubai Police for alleged money laundering and cyber fraud.
The most famous of the dozen Africans nabbed in the dramatic operation was 37-year-old Ramon Olorunwa Abbas, “hushpuppi” or just “hush” as he was known by his 2.4 million Instagram followers.
Police in the emirate say they recovered $40m (£32m) in cash, 13 luxury cars worth $6.8m, 21 computers, 47 smartphones and the addresses of nearly two million alleged victims.
Mr Abbas and Mr Ponle were both extradited to the US and charged in a Chicago court with conspiracy to commit wire fraud and laundering hundreds of millions of dollars obtained from cybercrimes.
The two have not yet been asked to plead and are presumed innocent until proven guilty.
“I think there’s probably a certain arrogance when they believe they’ve been careful about maintaining anonymity in their online identities, but they live high on the hog and get careless on social media,” said Glen Donath, a former senior prosecutor in the US Attorney’s Office in Washington, DC.
It is a spectacular crash for the two Nigerian men who extensively documented their tacky, high-flying lifestyle on social media, raising questions about the sources of their wealth.
They unwittingly provided crucial information about their identities and activities for American detectives with their Instagram and Snapchat posts.
They are accused of impersonating legitimate employees of various US companies in “business email compromise” (BEC) schemes and tricking the recipients into wiring millions of dollars into their own accounts.
On Instagram, hushpuppi said he was a real estate developer and had a category of videos called “Flexing” – social media lingo for showing off. But the “houses” were actually a codeword for bank accounts “used to receive proceeds of a fraudulent scheme”, investigators allege.
“Our value system in Nigeria needs to be checked, especially the emphasis we place on wealth, no matter how you got it,” the economist Ebuka Emebinah told the BBC from New York.
“It’s a culture where people believe that results speak for you. We don’t place as much emphasis on the process and this has built up over time.”
English Premier League team targeted
In April, hushpuppi renewed his lease for another year at the exclusive Palazzo Versace apartments in Dubai under his real name and phone number.
“Thank you, Lord, for the many blessings in my life. Continue to shame those waiting for me to be shamed,” he captioned an Instagram picture of a Rolls-Royce just a fortnight before he was arrested.
“Abbas finances this opulent lifestyle through crime, and he is one of the leaders of a transnational network that facilitates computer intrusions, fraudulent schemes (including BEC schemes), and money laundering, targeting victims around the world in schemes designed to steal hundreds of millions of dollars,” the Federal Bureau of Investigations (FBI) said in an affidavit.
In one case, a foreign financial institution allegedly lost $14.7m in a cyber-heist where the money ended up in hushpuppi’s bank accounts in multiple countries.
The affidavit also alleged that he was involved in a scheme to steal $124m from an unnamed English Premier League team.
The FBI obtained records from his Google, Apple iCloud, Instagram and Snapchat accounts which allegedly contained banking information, passports, communication with conspirators and records of wire transfers.
About 90% of business email compromise scams originate in West Africa, research from American email security firm Agari shows.
The complaint against Mr Abbas and Mr Ponle describe tactics that resemble what the company calls Vendor Email Compromise tactics, where scammers compromise an email account and study communication between a customer and a vendor.
“The scammer would gather contextual details, as they watched the legitimate email flow,” explains Crane Hassold, Agari’s senior director of threat research.
“The bad actor would redirect emails to the bad actor’s email account, craft emails to the customer that looked like they are coming from the vendor, indicate that the ‘vendor’ had a new bank account, provide ‘updated’ bank account information and the money would be gone, at that point.”
Mr Ponle, known online as “mrwoodberry”, used Mark Kain in emails, according to the FBI.
He is accused of defrauding a Chicago-based company into sending wire transfers of $15.2m. Companies in Iowa, Kansas, Michigan, New York, and California are also said to have fallen victim.
The cash trail allegedly disappeared after his accomplices, called money mules, converted the money into the cryptocurrency bitcoin.
Email scams have become so prevalent globally, and so deeply linked to Nigeria, that the fraudsters have a name in the country: “Yahoo boys”.
They try to convince a recipient to wire money to the other side of the world or they go “phishing”, stealing a user’s identity and personal information for fraud.
The FBI warns against the Nigerian letter or “419” fraud – emails promising large sums of money, called advance fee scams. The “Nigerian prince” trope has become shorthand for deception.
A Washington, DC-based attorney, Moe Odele, finds it frustrating as a Nigerian because it ignores the “systemic failures that have led to brilliant Nigerian youths engaging in these scams”, in the country and abroad.
“They see it as an easy way out in a country that offers them limited options and, in many cases, no options at all,” she says.
“But there are also many brilliant Nigerians are represented in world stages from education to pop culture.”
How Nigeria suffers
Last month, the US Treasury Department blacklisted six Nigerians among 79 individuals and organisations in its Most Wanted cybercriminals list. It accused them of stealing more than $6m from American citizens through deceptive global threats like BEC and romance fraud.
Ayo Bankole Akintujoye – founder of Nigeria-based Bootcamp, a start-up incubation initiative – faults the international attention on Nigeria alone.
“A lot of Nigerians are doing fantastic things all over the world, but they don’t get as much media mileage as the guys doing bad things. It affects all the guys doing legitimate stuff especially in the tech space,” he said.
“A lot of foreign companies don’t ship to Nigeria, many payment platforms don’t accept payments from us because it has ruined our image.”
In its internet crime report for 2019, the FBI said it had received more than 460,000 complaints of suspected cyber fraud, with losses of more than $3.5bn reported. More than $300m was recovered, it said.
However, many online fraudsters don’t get caught and even fewer end up going to jail.
Mr Donath says the cases are challenging because they happen overseas and tend to be quite sophisticated.
“They’re time-consuming, highly document-intensive, and in many federal criminal cases, you have the difficulty of walking a jury through a chronology of relevant facts,” said the partner at law firm Clifford Chance.
If convicted, Mr Abbas and Mr Ponle could be locked up for up to 20 years.
How a 419 and romance scam works
- An individual may contact you via e-mail, explaining he needs help to transfer money
- Will tell you that political turmoil or a natural disaster makes it difficult for him to make the transfer
- Will ask you to give him your financial details so that he can transfer the money into your account
- This allows him to access and steal from your account
- Be careful what you post on social media and dating sites as scammers use the details to better understand you and target you