
Chidozie Collins Obasi – COVID Fraud & Work at Home Scams


On September 9, 2022, the FBI’s Philadelphia office asked for help locating Chidozie Collins Obasi. OBASI is charged with being part of a conspiracy to steal more than $30 Million related to COVID Fraud out of New York. How did the scam work? Much of it goes back to a typical model: a fake job offer and a counterfeit check. But in this case, there was much more!

During the COVID-19 crisis, the New York State Department of Health was responsible for buying and allocating ventilators to hospitals in the State of New York. Two of their hospitals will be relevant in this case: Guthrie, a non-profit health care system based in Sayre, Pennsylvania, but operating two hospitals in New York, and Northwell Health, another non-profit healthcare network, at that time the largest provider of rehab and nursing facilities, also providing urgent care, hospice care, and home health services.

Part of the scam conducted by OBASI was to offer for sale three ventilator products sold by the German company Draeger, Inc, with a U.S. headquarters in Telford, Pennsylvania.  Their three most popular ventilators for sale in the US were the Evita 300 ($15,000), the Savina 300 ($17,000) and the Evita V500 ($21,000).  

A few websites were used as part of this scam: Tawada Healthcare in Indonesia (tawadahealthcare.com), MedWOW Ltd. Global, of Cyprus (medwow.com), and Zhejiang Tiansong Medical Instrument Company (zj-tiansong.com).

Members of OBASI’s conspiracy opened bank accounts at foreign banks in China, United Arab Emirates, and Indonesia. They then registered look-alike domain names that appeared to be the domains for Tawada Healthcare, MedWOW, and Tiansong Medical. OBASI and team then made false identities and claimed to be employees in the spoofed companies, including Luiz Alfredo, Marc Alfredo, and others. 

OBASI used a spam-sending service based in Ukraine (snov.io) and VOIP accounts created via TextMe and TextNow, which allowed the crew to use French and US-based virtual telephone numbers that would route to their real devices.

WORK FROM HOME SCAM 

OBASI then sent thousands of emails to job seekers in the United States offering them employment at one of the spoofed companies. They explained that because their companies were overseas and had no US bank presence, they needed to hire them to accept payments on behalf of their North American customers. The new “employees” were thus duped into acting as money mules for the scammers, opening up bank accounts or allowing their own accounts to be used to receive funds, for which they would receive a commission in addition to their “salaries.” 

The new employees would receive counterfeit checks sent by a co-conspirator in Canada and were instructed to deposit the checks into their personal accounts. The checks were delivered via companies such as DHL and FedEx. The employees were then instructed to wire the funds from these checks, which they believed were payments for ventilator sales, to the international bank accounts OBASI and others maintained overseas. The employees received more than $11 million in such checks, although only $1,005,227 was forwarded to OBASI’s crew. The work-from-home scam aspect ran from approximately September 2018 through March 2020.

VENTILATOR SALES 

Beginning in March 2020, OBASI’s crew noticed the shortage of ventilators and determined that they might make more money by claiming to have a large supply of Draeger ventilators for sale to US companies. Their next round of work-from-home scams was to recruit medical sales professionals to act as their agents to sell the ventilators, which this class of employees believed were held in large numbers by Tawada Healthcare. OBASI took the role of researching how such ventilators were normally sold, using false identities to reach out to Draeger asking questions about their ventilators. He then created price quotes and sales contracts, along with letters of guarantee, claiming that Tawada Healthcare (which he represented as “Marc Alfredo”) had the ventilators in stock and was ready to sell them.

The French TextNow telephone number was listed as a reference account of a happy French customer who had worked with Marc Alfredo and had been pleased with the ventilators he had purchased. American customers purchased the ventilators from OBASI’s “work-from-home” sales crew who received payments and then wired the money forward, less their commission, to OBASI’s bank accounts in Hong Kong. 

Between March 2020 and April 2020, they prepared offer letters for $286,800,000 worth of Draeger ventilators!  $30,689,560 were actually sent to OBASI and his crew, solely by the State of New York!

SBA’s COVID-19 EID Loan Program 

The third phase of OBASI’s crimes was to steal the identities of American citizens, which they had in abundance because of all of the “job applications” that they had received. Using this information, OBASI’s crew then applied for money from the US Small Business Administration’s EID Loan Program. The loan processor, based in Des Moines, Iowa, sent the funds to the “employees’” bank accounts; however, the employees believed that these were also payments for Draeger ventilators being purchased from Tawada Healthcare, which they believed was their employer. These funds were then forwarded to bank accounts operated by OBASI and others via Western Union or wire transfer to a bank account in Tangerang, Indonesia.

55 fraudulent SBA COVID-19 EID Loan applications were paid out, each to a different stolen identity, totalling an additional $455,300 in fraud, of which $277,400 was successfully transferred to Indonesia. 

Domains used: 

mailzj-tainsong[.]com = used to spoof Tiansong Medical

mailmedwowglobal[.]com = used to spoof MedWOW
[email protected] = (the Luiz Alfredo account) 

emailthc[.]com = used to spoof Tawada Healthcare 

863-855-3342 = a TextMe VOIP number (the “Alfredo Phone”) 
[email protected][.]com = the fake Marc Alfredo’s email 
[email protected][.]com = another fake Marc Alfredo email 

[email protected] = spam accounts used to hire and interact with employees
[email protected] 
[email protected] 
[email protected]
[email protected] 
[email protected] 
[email protected] 
[email protected] 

[email protected] = a fake account of “Bill Cartu” posing as a MedWOW customer 

[email protected] = a fake company “Albert Scott Breese / Black Diamond Investment Company of Santa Monica, CA” 

[email protected] = John Albin was an alias used by the Canadian Co-conspirator to communicate with “Marc Alfredo” regarding where checks should be sent.

fbi-fieldofficeny[.]com = used to fraudulently imitate the FBI
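
An added example (not part of the original post or the court documents): a defender-side check that compares a sender's domain with a list of protected domains, run over the look-alike domains listed above. The prefix list, the distance threshold, the minimum brand length and the use of fbi.gov as the protected FBI domain are assumptions made here.

```python
import re

# Legitimate domains named in the post; fbi.gov is added here as the real FBI domain.
PROTECTED = ["tawadahealthcare.com", "medwow.com", "zj-tiansong.com", "fbi.gov"]
PREFIXES = ("webmail", "email", "mail")  # assumed filler prefixes, longest first

def label(domain):
    """Refang and return the label left of the TLD (naive: no public-suffix list)."""
    parts = domain.lower().replace("[.]", ".").strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(candidate):
    """Return (protected_domain, reason) if candidate imitates one, else None."""
    if candidate.lower().replace("[.]", ".") in PROTECTED:
        return None  # the genuine domain itself
    cand = label(candidate)
    core = next((cand[len(p):] for p in PREFIXES if cand.startswith(p)), cand)
    for legit in PROTECTED:
        brand = label(legit)
        if len(brand) >= 5 and 0 < osa_distance(core, brand) <= 2:
            return (legit, "near-match")      # typo or transposition of the brand
        if len(brand) >= 5 and brand in cand:
            return (legit, "embeds-brand")    # brand wrapped in extra words
        if len(brand) < 5 and brand in re.split(r"[-_]", cand):
            return (legit, "brand-token")     # short brands must match a whole token
    return None

if __name__ == "__main__":
    # Look-alike domains listed in the post, then a genuine one.
    for dom in ["mailzj-tainsong[.]com", "mailmedwowglobal[.]com", "emailthc[.]com",
                "fbi-fieldofficeny.com", "medwow.com"]:
        print(dom, "->", classify(dom))
```

emailthc[.]com comes back as `None`: it shares no string with tawadahealthcare.com, so name similarity alone misses it, and catching it takes a different signal such as a first-seen-sender or domain-age check.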

More Technical Details 

An example of the use of Snov[.]io was an email on 15MAR2020 sent to 162 US persons from [email protected] asking “Hi, I’m wondering if you’re getting my email regarding a contract position.” 

If they replied, they would then receive emails from “[email protected][.]com” explaining more about the job at Tawada Healthcare, offering a 5% commission on any sales, and their role in receiving payments from North American customers.

In order for the quotes being sent to look realistic, OBASI interacted with the real Tawada Healthcare, claiming to be “Dr. Collins” from the University of Rochester and asking for an Urgent quote for Evita 300 and Savina 300 ventilators. 

OBASI also contacted Draeger to get quote information, using the name “Collins Obasi” in the quote request and claiming to be an employee of Northwell Hospital. In response to questions received from potential customers, he asked several more technical questions in future correspondence.

Using these quotes as a template, OBASI crafted false quotes for, among other things:

20 ventilators to GUTHRIE for $340,000 
70 ventilators to GUTHRIE for $1,190,000 
35 ventilators to GUTHRIE for $595,000 
100 ventilators to NORTHWELL for $1,600,000 
500 ventilators to State of New York for $19,000,000 

KeyBank was one bank that challenged an outbound wire to the Bank of China HK LTD that was going to “Hong Kong Murphy Trading Co Limited.”

They received a reply stating: 

“I Surya Darma, accounts officer for Tawada Healthcare Jakarta, Indonesia authorize that we did request funding of $12,637,660.00 to be wired to the Bank of China HK LTD for a beneficiary named Hong Kong Murphy Trading Co Limited. These funds are for a purchase order for ventilators by New York State Department of Health as delivery is of the utmost important due to the Covid19 crisis. Please kindly expedite the wire urgently.”

and …. they sent the money. (April 1, 2020) 

That same day “[email protected][.]com” emailed an employee of the State of New York a signed purchase order for 2,000 Draeger ventilators from Tawada Healthcare for $38,004,000 and asked for a 50% deposit to be sent from the State of New York’s KeyBank account (ending in 0026) to an “employee” account at KeyBank ending in 4326. 

A wire was sent by that employee on 02APR2020 to Bank of China HK LTD for $18,051,900 – the $19,002,000 requested minus the “employee’s” 5% commission. 

Things get really crazy when OBASI has one of his team make up an FBI Special Agent named Terrence Andrews, of the “International Funds Transfer Monitoring” department of the Albany Field Office, asking him to call back on OBASI’s TextOne number to discuss “recent transactions and dealings with a foreign company.” That email came from “[email protected]”

Another co-conspirator then became “FBI Special Agent S.N. of Philadelphia” and instructed that they should only discuss the charges by reaching him at 267-792-1272 using passcode “Operation Covid19” and that they should not speak to anyone else at the FBI except him. 

SUMMARY OF CHARGES
