www.Justice.gov, Press Release, November 18, 2021

Damian Williams, United States Attorney for the Southern District of New York, and Ricky J. Patel, Acting Special Agent in Charge of the New York Field Office of the Homeland Security Investigations (“HSI”), announced today the arrest of JUAN S. CORDERO, who is charged with leading a fraud ring operating in the United States and the Dominican Republic in which co-conspirators fraudulently purchased iPhones that were billed to compromised accounts of AT&T Wireless (“AT&T”) customers.  CORDERO was apprehended by authorities in the Dominican Republic and transported to the Southern District of New York, where he will be presented later today.  He is the eighth and final defendant arrested on an Indictment that charges CORDERO, DANIEL A. TORRES, ALEKSEY SERYY, RARNIERY MOLINA, a/k/a “Eddy,” ADAEL ARIEL FIGARO, SALAH SAL ALTAWEEL, JOSE F. CORDERO, and JEANCARLOS URENA with conspiracy to commit wire fraud, wire fraud, and aggravated identity theft.  The case is assigned to United States District Judge Alvin K. Hellerstein.

U.S. Attorney Damian Williams said: “As alleged, Juan S. Cordero and his co-conspirators obtained millions of dollars’ worth of iPhones after customers were deceived into providing PIN codes needed to complete the fraudulent transactions.  Now, each defendant has been arrested and charged with serious crimes, and the international scheme has been disconnected.”

HSI Acting Special Agent in Charge Ricky J. Patel said: “This arrest closes the final chapter of an alleged fraud network operating in New York and the Dominican Republic that used modern technology to steal and monetize personal information.  The co-conspirators’ alleged activities left a trail of unsuspecting victims across the United States and caused significant business losses.  HSI prides itself on its ability to couple traditional investigative techniques with cutting edge technical skills to combat cybercrime.”

As alleged in the Indictment[1]:

From at least in or around February 2016 up to and including in or around June 2020, the defendants participated in a criminal fraud ring (the “Fraud Ring”) based in the United States and the Dominican Republic.  Participants in the Fraud Ring sought to obtain iPhones and other electronic devices by billing the devices to the wireless service accounts of victim account holders without the account holders’ knowledge or consent.

To effectuate the scheme, the Fraud Ring obtained personally identifying information (“PII”) belonging to AT&T customers in one of two ways:
First, the Fraud Ring purchased from the dark web account information, such as usernames and passwords, belonging to AT&T customers.  Having purchased the username and password belonging to a particular AT&T customer, a member of the Fraud Ring was able to log into the account of that customer and add a co-conspirator as an authorized user.  In order to complete the addition of an authorized user, a member of the Fraud Ring also had to obtain the resulting confirmatory PIN code sent by AT&T to the true customer.  To do so, a member of the Fraud Ring purporting to be an AT&T representative called the customer.  When placing these calls, the Fraud Ring used Voice Over Internet Protocol (“VOIP”) Technology, which enables a caller to insert a chosen telephone number into the originating caller field.  Often the Fraud Ring input numbers affiliated with, or closely related to, AT&T customer service telephone numbers, leading unsuspecting customers to provide their PIN codes based on their belief that they were communicating with representatives of AT&T.

Alternatively, the Fraud Ring obtained PII of customer accounts through password reset requests.  Using this method, a member of the Fraud Ring, purporting to be an AT&T representative, typically placed a VOIP call to a particular wireless customer and alerted the customer to a forthcoming PIN code.  At that point, while still on the line with the AT&T customer, a member of the Fraud Ring reset the password on that customer’s account and asked the customer to recite the PIN code just sent via text message.  Having obtained the PIN code, the Fraud Ring then changed the password of the customer’s account and added a co-conspirator as an authorized user.

Next, the member of the Fraud Ring whose name had been added to a particular customer account entered either an AT&T retail location or a retailer of iPhones and electronic devices registered to the AT&T network.  Once at the retail location, that member of the Fraud Ring purchased one or more electronic devices, typically iPhones cost at least $1000 each.  The cost of the devices would be charged to the customer account, while the member of the Fraud Ring making the purchase paid only the taxes and processing fees.

Members of the Fraud Ring made in-store purchases of iPhones and other electronic devices from retailers in the Southern District of New York and elsewhere in New York, and in 45 other states.  Once purchased, the iPhones were sold to buyers nationwide.
Following the re-sale of the fraudulently obtained iPhones, co-conspirators wired money to other co-conspirators across the country and in the Dominican Republic.
Over the course of the conspiracy, the Fraud Ring billed over 4,800 iPhones and other electronic devices to AT&T customer accounts, resulting in over $4 million in customer losses, which were ultimately absorbed by AT&T. Press Release