The U.S. Department of Justice has charged Idris Dayo Mustapha for a range of cybercrime activities between 2011 and 2018 which saw the culprit gulp over $5,000,000.

He was arrested in the United Kingdom in August 2021 and now faces ten counts including wire fraud, aggravated identity theft, securities fraud, computer intrusion, access device fraud, and others. Mustapha faces a minimum sentence of two years which can go up to 20 years in prison.

Mustapha started his various illegal schemes to obtain unauthorized access to U.S.-based email servers that supported bank account and brokerage account access to customers in 2011 with at least one Lithuanian co-conspirator.

Using this method, the hacker was able to steal personal information and monitor their regular activities. He then conducted social engineering against financial institution employees while requesting wire transfers to overseas bank accounts under his control.

Most of Mustapha’s victims were U.S.-based financial institutions and brokerage firms.

The sources for this piece include an article in BleepingComputer.