(File photo)
MANILA – Prosecutors have filed criminal charges against four suspects arrested by the National Bureau of Investigation (NBI) over the hacking of hundreds of accounts of BDO Unibank Inc. (BDO) clients in December last year.
In a message to reporters Wednesday, Justice Undersecretary and spokesperson Emmeline Aglipay-Villar said the four -- Jherom Anthony Taupa, Nigerian national Ifesinachi Fountain Anaekwe, Ronelyn Panaligan alias 'Luka Hanabi', and Clay Revillosa alias 'X-men' -- have been charged with violations of Republic Act 8484 or the Access Devices Regulation Act of 1998 and RA 10175 or the Cybercrime Prevention Act of 2012.
A similar complaint against a second Nigerian national, Chukwuemeka Peter Nwadi, was recommended for further investigation, she added.
The cases were filed by the NBI – Cybercrime Division (NBI-CCD) in connection with several entrapment operations conducted on January 20 and 22 against the individuals who were allegedly behind the fraudulent transactions that targeted BDO account holders.
Prosecutors found out that Panaligan acted under the user name "Luka Hanabi" on the “Max Bounty” Facebook page and sold dummy accounts.
Acting as a "verifier", Panaligan would pretend to conduct a survey and ask victims for their identification cards with photographs in exchange for PHP50 in prepaid credit load for “participating in the survey”.
The information and photographs of the victims, without their knowledge, would be used to apply for verified GCash or Paymaya accounts and after securing the debit cards, would offer it for sale to other fraudsters looking to cash out funds from illegitimate sources.
Panaligan was arrested after she offered for sale the ATM fraudulently applied for a Paymaya account. There was even an agreement with the poseur customer that after the money has been transferred to the account, they will share in the proceeds of the fraudulent transaction.
Revillosa, a third-year college student, was found to be selling 800,000 mailing lists or e-mail addresses containing log-in credentials of online banking accounts for PHP30,000. The mailing lists are used in the preparatory stages of large-scale fraudulent activities.
In his sworn statement, Revillosa said he hacked the database of websites to obtain the mailing lists and that he was subsequently contacted by the group which conducted the BDO heist.
Anaekwe, alias 'Daddy Champ' and Nwadi, the DOJ said, are the brains behind the “Mark Nagoyo Group” and provided access devices such as bank accounts, crypto wallets, or even point of sale (POS) terminals of legitimate merchants to fraudsters.
During the entrapment, “Daddy Champ” offered different company accounts that can be used to transfer PHP10 million each. The company accounts serve as “dropping accounts” and were sold for PHP2,000 each.
As for Nwadi, it was recommended that further investigation be conducted as to his direct participation in the commission of the offense.
Other than his presence during the entrapment operation, no other evidence was adduced by complainants as to his participation in the trafficking of unauthorized access devices.
Given these findings, the prosecutors said additional evidence must be presented to determine if there is probable cause for his indictment, and in the meantime, he will be released from detention.
Taupa was found to be selling “a “SCAMPAGE” for PHP2,000. It is a phishing website that is an imitation of the webpage of GCash whose real site is hosted on https://www.gcash.com.
The "SCAMPAGE" was used to harvest the login details, usernames, passwords, and mobile personal identification numbers (MPINs) of unwitting victims who would access it under the mistaken belief that they were accessing the GCash official portal.
It further provides access to victims’ GCash accounts in order to steal the funds therein. (PNA)
