The National Bureau of Investigation (NBI) on Friday said it has arrested five persons allegedly involved in a hacking incident that affected more than 700 BDO account holders.
In a statement, NBI Director Eric Distor said the five individuals, including two Nigerian nationals, were part of the “Mark Nagoyo Heist Group” tagged in a massive hacking of BDO accounts.
Distor identified the suspects as Ifesinachi Fountain Anaekwe alias Daddy Champ, Chukwuemeka Peter Nwadi, Jherom Anthony Taupa, Ronelyn Panaligan, and Clay Revillosa.
The Nigerian nationals underwent inquest proceedings before the Department of Justice, Manila for Trafficking in Unauthorized Access Devices under Section 9 of RA 8484 otherwise known as the Access Devices Regulation Act of 1998.
Taupa, meanwhile, is facing complaint for Misuse of Devices under Section 4(a)(5)(i)(aa) of RA 10175 otherwise known as the Cybercrime Prevention Act of 2012.
The NBI said the Nigerian nationals were arrested in an entrapment operation conducted by its Cybercrime Division in Mabalacat, Pampanga on January 18, 2022.
The two were caught in the act of offering accounts for sale during the operation, the agency added.
“The operation stemmed from information provided by the informant who had transactions with the subjects,” the NBI said.
“The informant voluntarily appeared before the NBI-CCD to give information regarding several individuals believed to be leaders, members, or affiliates of Mark Nagoyo Group,” it added.
It can be recalled that BDO account holders in December reported unauthorized money transfer transactions involving tens of thousands of pesos. Initial reports showed that the group was able to access customers’ bank accounts while supposedly bypassing the One-Time-Pin requirement and drained funds in those accounts. Email confirmations for the bulk of the illegal transfers showed that they were made by a certain “Mark D. Nagoyo.”
The informant said the arrested subjects were engaged in the business of providing access devices to anyone looking for options to cash out funds fraudulently obtained, including bank accounts, crypto wallets, or even point-of-sale terminals of otherwise legitimate merchants.
The informant also revealed that he received a call from a certain “Mark Froilan” about money cashouts, who later contacted Nigerian national Anaekwe. The suspect then said he will provide the informant with three different accounts for the transfer of P10 million each, “apparently referring to the funds from BDO alluded to by Mark Froilan.”
Meanwhile, Taupa was arrested in a buy-bust operation also conducted on January 18 in Floridablanca, Pampanga “for selling ‘scampage’ or phishing website.”
The NBI said another informant identified Taupa as one of the masterminds behind the Mark Nagoyo scam. Taupa was said to be engaged in selling scampage, particularly an imitation of Gcash Webpage.
“Accordingly, Taupa modified the code in order to gather the log-in details of unwitting victims who would access the scampage in the mistaken belief that they were opening Gcash’s official portal,” the bureau said.
The owner of the phishing website would then be able to get into the victim’s Gcash accounts to steal their funds.
The NBI said it launched the operation after the information and Taupa agreed on P2,000 payment in cash for the scampage.
“Taupa admitted that he was selling Gcash scampages which he stored in his computer,” it said.
“Further investigation revealed that subject Jherom Taupa is involved in a group heist, being the one sending the emailing list containing personal details of various bank customers to a group of individuals responsible for sending email to the former. The said email contains a link which when clicked, will be used for the hacking process of the heist group,” it added.
The NBI said a separate operation by its operatives yielded the arrest of Panaligan and Revillosa, who were tagged as web developer and downloader in the BDO hacking incident.