Security Experts:

Connect with us

Hi, what are you looking for?



California Man Convicted for Stealing Millions From DoD via Phishing Scheme

A California man was convicted last week for his role in a multi-million dollar phishing scheme targeting the US Department of Defense (DoD).

A California man was convicted last week for his role in a multi-million dollar phishing scheme targeting the US Department of Defense (DoD).

The man, Sercan Oyuntur, 40, of Northridge, California, was convicted on six counts, including conspiracy to commit wire, mail and bank fraud, the use of an unauthorized access device to commit fraud, and aggravated identity theft.

Documents presented in court show that, from June to September 2018, Oyuntur and conspirators abroad targeted various DoD vendors to trick them into accessing phishing pages.

The emails masqueraded as legitimate communications from the US government and directed the targeted individuals to webpages resembling the official website of the General Services Administration (GSA), where they were prompted to supply their login credentials.

The perpetrators were looking to harvest these credentials and then use them to “make changes in the government systems and ultimately divert money to the conspirators,” the US Department of Justice (DoJ) says.

One of Oyuntur’s targets was a corporation that DoD had contracted to supply jet fuel to troops in southeast Asia, and which employed an individual in New Jersey to handle communication with the government.

[ READ: Third Member of FIN7 Cybercrime Gang Sentenced to US Prison ]

Oyuntur worked with Hurriyet Arslan, the owner of a used car dealership in Florence, New Jersey, who opened a shell company for use in the scheme, and also opened a bank account for the shell company.

In October 2018, Oyuntur convinced the DoD to transfer $23.5 million into Arslan’s Deal Automotive bank account. Arslan was able to access only some of the money, but one of the miscreants altered a government contract to falsely indicate that the DoD was working with Deal Automotive.

The court documents state that Oyuntur told Arslan to take the fake contract and use it at the bank to explain the provenance of the money, to convince the bank to release the remaining funds.

Oyuntur, who will be sentenced at a later date, faces up to 30 years in prison for the conspiracy and bank fraud counts he was convicted of, up to 10 years imprisonment for the use of an unauthorized access device to commit fraud, and a statutory mandatory consecutive term of two years in prison for aggravated identity theft. He may also have to pay more than $1 million in fines.

Arslan, who pleaded guilty in January 2020, is scheduled for sentencing on June 21, 2022.

Related: Estonian Ransomware Operator Sentenced to Prison in US

Related: Two Bulletproof Hosting Administrators Sentenced to Prison in U.S.

Related: ‘Money Mule’ Operator Gets Seven-Year Prison Sentence

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.