Nigerian Man Sentenced to 8 Years in Prison for Hacking Tax Firms Globally

Post Views: 94

Nigerian National Sentenced to 8 Years for Orchestrating Large-Scale Hacking Operation

A Nigerian national has been sentenced to eight years in prison for orchestrating a large-scale hacking operation that targeted tax preparation firms in Massachusetts. The scheme, which lasted from June 2016 to June 2021, resulted in the theft of over $1.3 million in fraudulent tax refunds.

Arrest and Indictment

Matthew Abiodun Akande, 37, was arrested in October 2024 at London’s Heathrow Airport and extradited to the United States in March 2025. He was indicted by a federal grand jury in July 2022, while he was still living in Mexico.

Hacking Scheme

According to court documents, Akande gained access to the tax firms’ systems by purchasing licenses for the Warzone remote-access trojan malware, which was later seized by the FBI in February 2024. He also used encryption software to make the malware undetectable by antivirus solutions.

Akande sent phishing emails to four tax preparation firms, impersonating the CEO of a Massachusetts architectural engineering company. The emails contained attachments with the CEO’s 2019 tax documents, including W-2 and 1099 forms, to add credibility. The emails also directed recipients to a Dropbox link that allegedly contained the CEO’s prior-year tax information. However, the link actually installed the malware on the recipients’ systems.

Once inside the firms’ networks, Akande used the Warzone RAT malware to steal clients’ Social Security numbers and prior-year tax data. He then used this information to file over 1,000 fraudulent tax returns, seeking more than $8.1 million in refunds. The refunds were directed to bank accounts controlled by co-conspirators in the United States, who withdrew the funds in cash and transferred a portion to associates in Mexico, as instructed by Akande.

Sentence and Restitution

U.S. District Court Judge Indira Talwani in Boston sentenced Akande to eight years in prison and three years of supervised release. He was also ordered to pay nearly $1.4 million in restitution.

The case highlights the importance of robust cybersecurity measures, particularly in the tax preparation industry, where sensitive client information is often at risk. It also underscores the need for individuals and organizations to be vigilant when receiving unsolicited emails, especially those with attachments or links that may contain malware.