We all heard the stories, gotten the emails and nodded our heads at the seemingly odd amount of overseas missionaries, dignitaries, and even Princes having a great deal of political turmoil and desperately needs YOU to help them move their money out of the country before the “bad guys” get to it. Of course you are not expected to do all this altruistically. No, in fact there is great reward for those willing to offer their bank account information and some up front cash to help safely get the money to you and give to the owner, minus your seven digit cut.There was a time that all one had to fear was the loss of money and or pride from falling for such a scam and having to explain to friends and family why you are suddenly broke.
It wasn’t until recently that I once again found myself face to face with a much more disturbing and much darker reality. Once agin I found myself helping someone I didn’t know, to do what others refused to do, against someone I have no business challenging and it appeared that once again my chase would lead me into the world of terrorism.
It began with a series of emails and voice messages from a woman asking me to help her with a problem she was having with scammers. I get lots of similar calls and I find I have to pick and choose who I help, when I can. At the time I have been in a much needed hiatus from my show in an effort to work on personal and professional challenges to shifting my investigative focus to Terrorism and Cyber Crime.
I put this call with the stack of “no thanks” in my mailbox. Yet this woman was persistent and sounded more and more desperate and in some ways more insane. I continued to resist even answering to say no. Yet eventually this woman’s tone became more defeated and depressed. Something hit me. That voice that told me to stop avoiding the inevitable and do what’s right….despite my sinking feeling his will not be as simple as it should be. I called her back.
Her name was Dr Jeri Danielle. She was a writer and poet and from her Linkedin Profile did not seem like the typical loon trying to sell me their latest conspiracy theory.
The short version of her story is was that she was in a series of coorospondences over about a 2 month period with an female soldier based in Iraq named Sharon Brown. After building a string rapport and gaining Jeri’s trust and sympathy, she eventually confided that she has amassed some about of many while overseas but felt the danger was too much to avoid moving it to the US soon. Jeri agreed to help her “friend”. Shortly before her “sudden death” she gave Jeri the name of a diplomat friend name “Michael Tomson” who would guide her through the process and get the money to her under the protection of his “diplomatic immunity”.
What follows is a brief account of what followed and what I discovered in the course of my investigation to help uncover who was behind a now months long extortion that has now cost her about $80k and no end in sight to the intimidating demands for more. She said she came after police ignored her, and the federal agencies she went to kept referring her to the IC3 website.
Had I not discovered what I discovered so quickly I too may have been just as incredulous as I’d imagine law enforcement was.
The front person appears to be a UK based operative who uses the name “Tomson Michael” and used this fake credential to gain confidence.
Though again, her first contacts was a series of conversation with a supposed US soldier in Iraq named “Sharon Brown” using the email Sharon Brown–firstname.lastname@example.org
After reviewing past emails and coaching her through a series of fake payment delays in an effort to get them to give up more information for me to work off of, it seemed the Cyber operations are run through Lagos, Nigera and local leg work like collection is done with Houston based operatives and possible some in the south.
Tomson told Jeri someone named Brian Okpala from the Red Cross will be meeting with here at some point and gave the following credential to further gain her confidence:
She communicated with “Brian” via the following email address and phone number:
Her contacts with Tomson has been through the following numbers and email address. email@example.com US-347-809-3510; In the UK–011-44-203-289-4952.
Most of the payments have been to this account: JP Morgan Chase, Account# 900176017 to be picked up by a Kristle McGill at a Houston Branch located 14400 Memorial Drive.
I told her to stop paying and to feign delays and difficulties on order to get alternate info from him to help me trace the source. As a result I was able to get the following additional info:
Wells Fargo: Account# 1487001396 to be picked up by Princewell Okoro
Barclays Bank (UK): Account# 33742504 to be picked up by Misrat Alabi
By following the Princewell lead I found the following.
This Facebook account:
Who in turn is friends with this person who happened to be in Houston where money was collected :
Who in turn is friends with:
But more disturbingly another account came up for this Brian Okpala (aka: Bryian Opahlar) as possibly belong to him:
Since as far back as 2011, despite only recent news coverage, Boko Haram have been very active and it now well known they use these type of operations to fund their terrorist activities.
However all of this could be a coincidence….but I’ll leave that you you to decide.
After an additional 2 days of Thomson calling, and emailing Jeri to escalate his threats and demands for money and after a brief online exchange with this Tomson person in the UK to get him to see reason I finally ended the conversation after those two days with a coincidental public announcement of a sever hack 2 Days prior on JP Morgan Chase and how I would hate for his refusal to not let his greed to get him busted and do what’s right before it’s too late. (FTR I admit nothing other than it clearly could be coincidence I reference to him below).
This is the final letter I sent him (minus referenced graphics that are already posted above):
Hi again “Michael Tomson”
I heard about the cyber breach at Chase Bank. Weren’t we recently discussing one of the account you have there? Oh yes account#900176017, I believe amount a few other it seems. Interestingly it turns out even though the attacker got root on about 3 servers nothing was actually taken. Hmmm….some might think it was just a fluke, others intelligence gathering…..and some of the smarter ones, a warning. How smart are you?
Well at least you don’t have money at Wells Fargo. I mean their security is even worse than JP Morgan. Oh wait…oops, I spoke too soon these accounts look interesting, like this one here #1487001396.
Like I said before, I’m not a cop. I’m someone people call when no one else cannot or will not help them. However as you can see that can allow for a little more freedom to do what must be done to help some get back what is theirs and on occasion, justice served. You will return the money you stole. There are worse things than arrest to fear. As I said in a previous letter, you are likely more expendable and definitively more accessible to the ones you work for and funneling some money to (but we’ll get to that in a bit).
I told there weren’t enough servers in the Russia, Lagos, etc that you can hide behind to keep me from identifying and dealing with those that need dealing with. Even the UK won’t be much help ;) Again, you aren’t the only one with friends and contacts all over the globe.
However lets just start simple….like the local simpletons you have here locally doing your leg work.
Like this genius with horrible OPSEC
(See above photo of Okpala)
Which brings me to who we both know it best not be aware of the mess the sloppy work your little team and greed has gotten you into. Mr Okpahlar (aka Okpala) seems awfully helpful so far….and no one has even talked to him yet…
(see above photo of twitter account that appears in support of Boko Haram)
Ouch!!! Now there are some people I would not want thinking I compromised their money train or OPSEC. Especially if like you, were in easy reach :/
I wonder how long it would take Homeland Security to get what they need out of him….
I gave you a choice earlier to agree to payback the person I specify and keep this between us and we both move on or go ahead and test how serious and how capable I am to be a real problem for you…..just YOU and thus quickly making YOU a very big and public problem for certain people who will rightly assume simply dealing with YOU, not me is the least risky and costly option in protecting their interests.
Now you have your answer to your little test.
You should consider my warning about just a few of the accounts mentioned and about Okpahlar a courtesy and don’t push your luck and try to change things. Who knows what attention that might cause anybody or….agency possibly watching these things, given the recent security leaks that seems to be all around?
Tick Tock, “Michael Tomson”……….or however this is pronounced on the horrible forgery job….
(reference photo of fake Passport above)
As it stands, Tomson appears to have not be as threatening but still continues to contact Jeri.
In keeping with my word to Jeri to make sure her story is told and to “Michael Tomson” whom I promised I would make famous if he continued to terrorize women, I give you what you now read.
Where it will go from here who knows. This and much more was turned over to many friends and contacts in different areas of law enforcement and counter-terroism. I honestly don’t anticipate much trouble from “Tomson” in the future.
There is one more thing I wanted to share before closing. I have yet to verify this as a viable lead but just in case, I’m sharing anyway.
Figuring that once I began contact, with these people, given my public personae and media work they would eventually be drawn to my linkedin profile to check me out and possibly contact me to try and SE (social engineer) me somehow. I hoped it would be the UK guy or one connected to help me close in on the network source.
It was in the midst of this that I was checked out and eventually connection requested by about 5 people but this guy (photo below) stuck out because he is in a totally different industry and not really appear to be a crime media fan. His name is Bruce Johnson Zelotes.
Here is his profile:
What caught my attention most was:
1. He is in the UK
2. Uses a non business email
3. The email address suggests he uses a completely different name at times (mailto:firstname.lastname@example.org).
4. The company he works for is Sonagol.
5. Despite his invitation to connect, he seems unwilling to communicate with me but apparently just wants to see what is written on my profile, as non connections have a limited view.
Still believing I was possibly dealing with a logistics/funding cell, I knew that if I was right, there still had to be a way to launder the money as it continues down the pipeline to Nigeria. It had to be a legal entity with international ties to avoid suspicion. Looking into Sonagol I found they are an oil industry company with headquarters all over, including one in Houston, Texas and apparent business ties to…..surprise, surprise…..Nigeria. Further inquiry into this company by anybody one can see where even more questions arise.
Again this could be all be coincidence but then……I leave it you to decide ;)