FORMAL criminal charges have been filed against four persons following their alleged involvement in the hacking of hundreds of BDO Unibank Inc. accounts last December 2021.

Facing charges for violation of Republic Act No. 8484 or the “Access Devices Regulation Act of 1998” and Republic Act No. 10175 or the “Cybercrime Prevention Act of 2012” are Jherom Anthony Taupa, Nigerian Ifesinachi Fountain Anaekwe, Ronelyn Panaligan a.k.a. ‘Luka Hanabi,’ and Clay Revillosa a.k.a. ‘X-men.’

On the other hand, similar charges were filed against the 5th respondent, Chukwuemeka Peter Nwadi, who will be subjected to another round of investigation at the Department of Justice (DOJ).

The DOJ said that a motion for issuance of Hold Departure Order will be filed against Anaekwe, and a motion for issuance of Precautionary Hold Departure Order against Nwadi.

Citing the investigation conducted by the National Bureau of Investigation Cybercrime Division (NBI CCD), the DOJ said the tasks of the five (5) respondents were compartmentalized – that is, their respective participations are vital, without which, fraudulent transfers or illegal access of online accounts would not be possible.

The NBI CCD compared the modus operandi to money laundering – after hackers have illegally accessed the online banking account or banking system, they would transfer the money to a dummy bank account.

Thereafter, another transfer would then be made either to another dummy bank account, GCash or PayMaya account. Money mules are then engaged to personally withdraw or cash out the stolen money, who would earn by getting commissions from the total amount of withdrawn money.

It is only after a series of transfers would the stolen money be moved to the syndicate’s accounts.

Anaekwe and Nwadi, both Nigerians, were said to be working for the “Mark Nagoyo Group”. They are engaged in the business of providing access devices to anyone looking for options to cash out funds fraudulently obtained.

These access devices range from bank accounts, crypto wallets, or even point of sale terminals of legitimate merchants.

Taupa was found to be selling “a “Scampage” or a phishing website which is an imitation of the webpage of GCASH, a well-known electronic money issuer whose real site is hosted on https://www.gcash.com.

The scampage is used to harvest the login details, usernames, passwords, and mobile personal identification numbers (MPINs) of unwitting victims who would access the scampage under the mistaken belief that they were accessing GCASH’s official portal. The scampage further provides access to victims’ GCASH accounts in order to steal the funds therein. The scampage was being sold for P2,000.00.

The inquest prosecutor charged Revillosa with the offense of Misuse of Devices under Section 4(a), paragraph 5(bb) of Republic Act No. 10175 and Section 9(k) of Republic Act No. 8484 for having in his possession an access device without authority from the owners thereof.

The online fraud — which happened amid the Christmas shopping season last year — affected close to 700 clients of BDO.

Some BDO clients reported that their money were illegally transferred to a UnionBank account under the name “Mark Nagoyo” and used to buy cryptocurrency.