Ramon Abbas – known to his 2.5 million Instagram followers as Hushpuppi – is considered by the FBI to be one of the world’s most high-profile fraudsters and faces a prison sentence of up to 20 years in the US after pleading guilty to money laundering.
Bazzup has used newly available court documents to uncover the man behind cyber heists that have cost his victims millions, from his humble beginnings as a “Yahoo Boy” hustler in Nigeria to a so-called “Billionaire Gucci Master” living a life of luxury in Dubai before his arrest last year.
The 37-year-old began his career in Oworonshoki, a poor coastal area in the north-east of Lagos, Nigeria’s commercial capital.
Local driver Seye told the BBC that he remembered Abbas as a young boy working alongside his mother in the Olojojo market. His father was a taxi driver.
As he grew older, Seye says, Abbas liked to splash his cash: “He was generous. He used to buy beer for everyone around.”
But everyone knew the source of his mysterious wealth – cybercrime; he was a “Yahoo”, Seye says.
“Yahoo Boys” are romance scammers who took their name from the first free email available in Nigeria.
“They came up with the idea of stealing identities. And then with that identity theft, they went into dating [scams],” explains Dr Adedeji Oyenuga, a cybercrime expert at Lagos State University.
Once a relationship is established via a false identity, romance scammers wheedle money from their online lovers.
Like many Yahoo Boys, Abbas broadened his criminal horizons. Many went to Malaysia – and Abbas followed them, ending up in Kuala Lumpur around 2014, then Dubai in 2017.
North Korean hackers
This is when his Instagram posts – and crimes – went to another level.
In February 2019, he attempted to launder 13m euros (£11m; $15m) stolen by a gang of North Korean hackers from the Maltese Bank of Valletta.
Abigail Mamo, chief executive of the Maltese chamber of small and medium enterprises, says the heist plunged the holiday island into “chaos”.
Shopping trolleys filled with goods were abandoned at checkouts as payment systems shut down.
“We received calls from our members telling us they were sending money using Bank of Valletta’s platform to their foreign suppliers,” says Ms Mamo.
“Their foreign suppliers did not receive the money… We’re talking about thousands of euros.”
The bank said it managed to recover 10m euros.
“Damn,” Abbas said in a text to a fellow scammer at the time in messages obtained by the FBI.
The reply shows the next heist was being planned: “Next one is in few weeks; will let you know when it’s ready. Too bad they caught on, or it would have been a nice pay out.”
Premiership scam scuppered
In May 2019, Abbas was tasked with setting up a bank account in Mexico.
It was to receive £100m from a Premier League Football Club, and £200m from a UK firm. Neither are named in the court documents.
The scams were to be carried out via Business Email Compromise (BEC).
Terrifyingly simple, BEC works by intercepting payments via fake emails that appear to come from an address that is almost exactly the same as the supplier’s. Only a single letter or number will be different.
In that email the scammers – posing as a supplier awaiting payment – typically say they’ve switched banks, so the payment will need to be wired to a different account; the details for which they will provide.
The accounts clerk is fooled into thinking it is a legitimate request from the supplier – and, with a single click of a mouse, vast sums of money are lost.
But the Premiership scam fell apart when the UK banks refused to pay into the Mexican account. “Brother I can’t send from UK to Mexico,” Abbas’s sidekick messaged him. “They keep finding out.”
None of the Premiership clubs would confirm whether or not they were the intended victim.
Jon Shilland, fraud lead with the UK’s National Crime Agency, says it can be difficult tracking down criminal networks based in multiple jurisdictions.
A fact known all too well by Dubai-based lawyer Barney Almazar.
He represents around 25 people – including eight UK citizens – in the United Arab Emirates (UAE), all of whom believe they are victims of one of Hushpuppi’s BEC scams.
“We cannot say with 100% certainty that Hushpuppi is behind it,” Mr Almazar says.
“But if you look at the bank accounts that police have traced, they all belong to the records obtained by the police in their raids [on Hushpuppi’s home in Dubai].”
One UK victim, who wanted to remain anonymous, says he lost £500,000, has been forced to leave the UAE – and is himself facing criminal proceedings in Dubai because of the debt he has incurred as a result of the fraud.
“His clients understand that he was victimised,” Mr Almazar explains.
“But they also have to cover their losses, so right now he doesn’t know how he can get back to the UAE. He has spent his life in the UAE. His family are still in the UAE. He fears that he might get apprehended at immigration immediately.”
Mr Almazar says shame prevents many more of Hushpuppi’s victims coming forward.
“The scam was very sophisticated. Professionals were victimised. Some are hesitant to admit what has happened.”
Qatari school fraud
Abbas’s final big scam before his arrest in Dubai in June 2020 was straight-up identity theft, borrowed from the Yahoo Boy romance scams of his youth.
He assumed the identity of a New York banker to entrap his victim, a Qatari businessperson seeking a $15m loan to build a new school in the Gulf state.
Between December 2019 and February 2020, Abbas and a gang of alleged middlemen in Kenya, Nigeria and the US groomed and conned the victim out of more than a million dollars.
Some of it was laundered via the purchase of a watch worth a staggering $230,000.