Ramon Abbas – known to his 2.5 million Instagram followers as Hushpuppi – is considered by the FBI to be one of the world’s most high-profile fraudsters and faces a prison sentence of up to 20 years in the US after pleading guilty to money laundering.
The BBC has used newly available court documents to uncover the man behind cyber heists that have cost his victims millions, from his humble beginnings as a “Yahoo Boy” hustler in Nigeria to a so-called “Billionaire Gucci Master” living a life of luxury in Dubai before his arrest last year.
The 37-year-old began his career in Oworonshoki, a poor coastal area in the north-east of Lagos, Nigeria’s commercial capital.
Local driver Seye told the BBC that he remembered Abbas as a young boy working alongside his mother in the Olojojo market. His father was a taxi driver.
As he grew older, Seye says, Abbas liked to splash his cash: “He was generous. He used to buy beer for everyone around.”
But everyone knew the source of his mysterious wealth – cybercrime; he was a “Yahoo”, Seye says.
“Yahoo Boys” are romance scammers who took their name from the first free email available in Nigeria.
“They came up with the idea of stealing identities. And then with that identity theft, they went into dating [scams],” explains Dr Adedeji Oyenuga, a cybercrime expert at Lagos State University.
Once a relationship is established via a false identity, romance scammers wheedle money from their online lovers.
Like many Yahoo Boys, Abbas broadened his criminal horizons. Many went to Malaysia – and Abbas followed them, ending up in Kuala Lumpur around 2014, then Dubai in 2017.
In May 2019, Abbas was tasked with setting up a bank account in Mexico.It was to receive £100m from a Premier League Football Club, and £200m from a UK firm. Neither are named in the court documents.
The scams were to be carried out via Business Email Compromise (BEC).
Terrifyingly simple, BEC works by intercepting payments via fake emails that appear to come from an address that is almost exactly the same as the supplier’s. Only a single letter or number will be different.
In that email the scammers – posing as a supplier awaiting payment – typically say they’ve switched banks, so the payment will need to be wired to a different account; the details for which they will provide.
The accounts clerk is fooled into thinking it is a legitimate request from the supplier – and, with a single click of a mouse, vast sums of money are lost.
But the Premiership scam fell apart when the UK banks refused to pay into the Mexican account. “Brother I can’t send from UK to Mexico,” Abbas’s sidekick messaged him. “They keep finding out.”
None of the Premiership clubs would confirm whether or not they were the intended victim.