COLLEGE STATION, Texas (KBTX) – A College Station man is among five people in the U.S. facing federal charges linked to a global scheme to steal property and information worth millions of dollars from companies and their employees.
Ahmed Hossam Eldin Elbadawy, 23, is accused along with others of targeting employees of companies nationwide with phishing text messages and then using the harvested employee credentials to log in and steal non-public company data and information. They are also accused of hacking into virtual currency accounts to steal millions of dollars in cryptocurrency.
A federal grand jury indicted each defendant with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft.
“We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals,” said United States Attorney Martin Estrada. “As this case shows, phishing and hacking have become increasingly sophisticated and can result in enormous losses. If something about the text or email you received or the website you’re viewing seems off, it probably is.”
Online jail records show Elbadawy was arrested in Brazos County in 2022 on charges of Unlawful Carrying of a Weapon, a Class A misdemeanor. The next hearing for this charge is set for Jan. 22, 2025.
THE OTHER DEFENDANTS
According to the U.S. Attorney’s Office Central District of California, the others charged in this investigation include:
A criminal complaint was also unsealed on Thursday charging Tyler Robert Buchanan, 22, of the United Kingdom, with conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft.
“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” said Akil Davis, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse. I’m proud of our stellar cyber agents whose work led to the identification of the alleged schemers who are facing significant prison time if convicted.”
HOW THE SCHEME WORKED
According to court documents, from at least September 2021 to April 2023, the defendants conducted phishing attacks by sending mass short message service (SMS) text messages to mobile phones of numerous victim companies’ employees – messages that purported to be from the victim company or a contracted information technology or business services supplier of the victim company.
The phishing text messages often stated that the employees’ accounts were about to be deactivated and provided links to phishing websites that were designed to look like legitimate websites of the victim companies or their contracted suppliers and lure the recipient into providing confidential information, including account login credentials. Some employees went to the phishing websites, entered their credentials, and sometimes authenticated their identities using a two-factor authentication request sent to their mobile phones.
The defendants then used the stolen credentials to gain unauthorized access to the accounts of victim companies’ employees and the companies’ computer systems to steal confidential information, including confidential work product, intellectual property, and personal identifying information, such as account access credentials, names, email addresses, and telephone numbers.
The group also used stolen information obtained from victim company intrusions, leaked data sets, and other sources, to gain unauthorized access to numerous individuals’ cryptocurrency accounts and wallets and steal millions of dollars’ worth of virtual currency.
POSSIBLE PUNISHMENT
If convicted, each defendant would face a statutory maximum sentence of 20 years in federal prison for conspiracy to commit wire fraud, up to five years in federal prison for the conspiracy count, and a mandatory two-year consecutive prison sentence for aggravated identity theft. Buchanan would face up to 20 years in prison for the wire fraud count as well.
The FBI is investigating these matters. The United States Attorney’s Office for the Eastern District of North Carolina, Police Scotland and the FBI field offices in Charlotte, Denver, Houston and Portland provided assistance during this investigation.
Assistant United States Attorneys Lauren Restrepo of the Cyber and Intellectual Property Crimes Section and Sue J. Bai of the Terrorism and Export Crimes Section are prosecuting these cases.
Copyright 2024 KBTX. All rights reserved.

source