Skip to main content
Press Release

Computer Intrusion and Theft Charges Unsealed Against Two Men

For Immediate Release
U.S. Attorney's Office, District of Massachusetts
Defendants allegedly conspired to use stolen taxpayer information to file fraudulent tax returns seeking millions of dollars

BOSTON – The government unsealed charges today against two individuals for their scheme to allegedly intrude Massachusetts tax preparation firms’ computer networks to steal confidential client information and then file fraudulent tax returns seeking tax refunds to be deposited in bank accounts they controlled.

Matthew A. Akande, 35, of Mexico and Nigeria, was arrested on Oct. 15, 2024 at Heathrow Airport in the United Kingdom at the request of the United States. Akande was indicted by a federal grand jury in Boston on July 19, 2022, on one count of conspiracy to obtain unauthorized access to protected computers in furtherance of fraud and to commit theft of government money and money laundering, one count of wire fraud, four counts of unauthorized access to protected computers in furtherance of fraud, 13 counts of theft of government money and 14 counts of aggravated identity theft. The United States will be seeking Akande’s extradition to the United States.

Kehinde H. Oyetunji, 33, of North Dakota and Nigeria, pleaded guilty in federal court in Boston on Dec. 22, 2022 to one count of conspiracy to obtain unauthorized access to protected computers in furtherance of fraud and to commit theft of government money and money laundering. Sentencing before U.S. District Judge Angel Kelley will be scheduled at a later date.

Between in or about June 2016 and June 2021, Akande, Oyetunji and others are alleged to have worked together to steal money from the United States government using taxpayers’ personally identifiable information (PII) to file fraudulent tax returns in the taxpayers’ names. In addition, between in or about February 2020, the scheme involved stealing taxpayers’ PII from Massachusetts tax preparation firms via phishing attacks and computer intrusions.

To carry out the scheme, Akande is alleged to have caused fraudulent phishing emails to be sent to five Massachusetts tax preparation firms. The emails purported to be from a prospective client seeking the tax preparation firms’ services but in truth were used to trick the firms into downloading remote access trojan malicious software (“RAT malware”), including RAT malware known as Warzone RAT. Akande allegedly used the RAT malware to obtain the PII and prior year tax information of the tax preparation firms’ clients, which Akande then used to cause fraudulent tax returns to be filed seeking refunds. The tax returns directed that the fraudulent tax refunds be deposited in bank accounts opened by Oyetunji and others. Once the refunds were issued, Oyetunji and others withdrew the stolen money in cash in the United States and then transferred a portion to third parties in Mexico, allegedly at Akande’s direction, while keeping a portion for themselves. In total, Akande and his coconspirators are alleged to have filed more than 1,000 fraudulent tax returns seeking over $8.1 million in fraudulent tax refunds over approximately five years. They are alleged to have successfully obtained over $1.3 million in fraudulent tax refunds.

Federal authorities encourage all businesses that suspect they have been the target and/or victim of a cyberattack to file a complaint with the Internet Crime Complaint Center at www.ic3.gov. Taxpayers and tax preparation firms that suspect they have been the target and/or victim of a phishing attack can also forward phishing email(s) to phishing@irs.gov.

The charge of conspiracy provides for a sentence of up to five years in prison, three years of supervised release and a fine of $250,000 or twice the gross gain or loss, whichever is greater. The charge of wire fraud provides for a sentence of up to 20 years in prison, three years of supervised release and a fine of $250,000 or twice the gross gain or loss, whichever is greater. The charge of unauthorized access to protected computers in furtherance of fraud provides for a sentence of up to five years in prison, three years of supervised release and a fine of $250,000 or twice the gross gain or loss, whichever is greater. The charge of theft of government money provides for a sentence of up to 10 years in prison, three years of supervised release and a fine of $250,000 or twice the gross gain or loss, whichever is greater. The charge of aggravated identity theft provides for a mandatory sentence of two years in prison to be served consecutive to any other sentence imposed, one year of supervised release and a fine of $250,000 or twice the gross gain or loss, whichever is greater. Sentences are imposed by a federal district court judge based upon the U.S. Sentencing Guidelines and statutes which govern the determination of a sentence in a criminal case.

Acting United States Attorney Joshua S. Levy; Jodi Cohen, Special Agent in Charge of the Federal Bureau of Investigation, Boston Division; and Harry Chavis, Jr., Special Agent in Charge of the Internal Revenue Service’s Criminal Investigations in Boston made the announcement. Assistant U.S. Attorney James R. Drabick of the Securities, Financial & Cyber Fraud Unit is prosecuting the cases.

The details contained in the charging documents are allegations. The defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

Updated November 13, 2024

Topics
Cybercrime
Financial Fraud
Identity Theft