A Nigerian man, Kingsley Uchelue Utulu, has been sentenced to more than five years in prison for his role in a massive hacking and identity theft scheme. The sentence—63 months in total—was handed down by U.S. District Judge Paul G. Gardephe in a federal court in New York.
The crime began in 2019, when Utulu and several co-conspirators, all based in Nigeria, began targeting U.S. tax preparation businesses. They used fake emails, known as spearphishing, to trick employees into clicking harmful links. These links gave the hackers access to the companies’ computer systems, allowing them to steal sensitive customer information like names, Social Security numbers, and tax records.
Tax businesses in states such as New York, Texas, and others were affected. Once the information was stolen, the group used it to commit fraud, pretending to be the real people in order to steal money from the U.S. government.
Millions in Fake Refunds and Loans
According to court documents, the hackers used the stolen personal information to file fake tax returns with the Internal Revenue Service (IRS) and state tax agencies. These fake returns claimed refunds on behalf of real people—without their knowledge.
The group tried to steal about $8.4 million through these fake filings. They were successful in obtaining at least $2.5 million in fraudulent refunds.
But the scheme didn’t end with taxes. During the COVID-19 pandemic, the U.S. government offered special loans to help small businesses survive. These loans were part of the Small Business Administration’s Economic Injury Disaster Loan (EIDL) program. Utulu and his partners used the stolen identities to apply for these loans fraudulently, and they managed to collect around $819,000 in EIDL funds they didn’t deserve.
The fraud affected both private citizens and government programs designed to support those in need. Innocent people’s information was misused, and taxpayer money was stolen.
International Arrest and Sentencing
Utulu wasn’t in the United States when the crimes happened. He was arrested in the United Kingdom and later extradited to the U.S. for prosecution. After pleading guilty to conspiracy to commit wire fraud, he faced sentencing in federal court.
In addition to his 63-month prison sentence, Utulu, now 38 years old, must pay back $3,683,029.39 in restitution. He also has to forfeit $290,250, which the court ruled was gained through illegal activities.
U.S. Attorney Jay Clayton commented that scammers like Utulu may think they are safe operating from overseas, but the U.S. Department of Justice and the FBI are determined to catch them. “We are committed to protecting Americans from criminals operating offshore,” he said.
FBI Assistant Director in Charge Christopher G. Raia added that Utulu and his group infiltrated computer systems and stole more than $2 million through deceitful practices. “The FBI will never exempt any individual who seeks to unlawfully profit through deceitful practices,” Raia stated.
The case was investigated by the FBI and prosecuted by the U.S. Attorney’s Office for the Southern District of New York, specifically its Complex Frauds and Cybercrime Unit. Assistant U.S. Attorney Daniel G. Nessim led the prosecution.
This case highlights how international cybercrime rings can be tracked, caught, and brought to justice—even when operating from abroad.
