Cameroon Hacker Arrested in $2 million Phishing Scam

32-year-old Cameroon national Eric Donys Simeu was caught after launching a phishing scheme on the customers of two US travel agencies to steal their credentials and purchase airline tickets.

The man was apprehended in France in 2014 after using counterfeit boarding passes to get from Morocco to France. He was travelling with a fake UK passport. Simeu was extradited from France to the US and indicted on charges of conspiracy, wire fraud, computer fraud, and access device fraud.

For three years, Simeu launched spear phishing attacks on US-based travel agencies and websites in an international campaign which made him $2 million. The target were the customers of companies that belong to Global Distribution System (“GDS”).

Simeu stole their credentials for identity authentication by sending emails doctored to look like official communication. Unique log-in credentials were used to purchase airline tickets, later used for personal travel or sold in West Africa for far less. Since the companies were in Georgia and Texas, the case was brought to the attention of US authorities.

“The arrest and extradition of Eric Simeu is the result of a multi-national effort led by the FBI, which demonstrates the benefits of global cooperation among international law enforcement and the private sector,” said J. Britt Johnson, Special Agent in Charge, FBI Atlanta Field Office.

The case is currently under the investigation of the FBI and the State Department Diplomatic Security Service.