By Evan Ratliff
Illustrations by Randy Cano
For Ramon Abbas, the Instagram influencer popularly known as Ray Hushpuppi, @hushpuppi, Hush, or the Billionaire Gucci Master, birthdays were always a time for reflection. Reflection and extravagance—but then, extravagance was Hushpuppi’s brand, a 365-days-a-year affair, a way of being. On Oct. 11, 2019, the day he turned 37, he was living in a penthouse apartment at the Palazzo Versace Dubai, with a private pool and hot tub on his lanai. A typical @hushpuppi post on Instagram, where he had more than 2 million followers, featured Abbas smiling in front of one of his Ferraris or Rolls-Royces, kicking back in his seat on a private jet, or exiting a designer store with a passel of rope-handled bags—#Hermes, #Fendi, #LouisVuitton. His look was always flawless: never the same outfit twice, #Gucci more often than not. You don’t become the Billionaire Gucci Master any other way.
Even back in 2019, there were questions about how much money Abbas really had and how exactly he’d acquired it. In Nigeria, where he was born, his Instagram presence had turned him into a celebrity adjacent to the biggest names in pop culture. He’d appeared on social media with pop idols Davido and WizKid and soccer players on English clubs like Chelsea and Man City. But Abbas’s wealth was the constant subject of rumors. In the flourishing ecosystem of Nigerian gossip blogs he was “a Nigerian big boy,” shorthand for an online fraudster, or “Yahoo Boy,” who’d struck it rich and showed it off. Abbas dismissed the talk as the jealousy of so many haters, disappointed with their own lives and determined to bring down a self-made man who’d left them all behind.
Whatever the truth, on his 37th birthday, before heading off to a party in his honor in the VIP lounge at the Dubai Burberry store, Abbas paused to acknowledge the fans who’d supported him on his journey from hustling kid to global influencer. “As I turn a year older into my 30s today, I want to celebrate all of you out there,” he wrote on Instagram. The caption accompanied a photo of Abbas in a designer blue track suit, standing in front of a giant sculpture of a Rolls-Royce hood ornament. “Those of you who mostly I have never met, spoken to or anything but have been a strong supporter of me through every situation until this point and still riding for me, I want you to know wherever you are that I celebrate and appreciate you today, today is OUR DAY!”
Several celebrity blogs printed his appreciation in full. The next day, Tammy Abraham, the English striker who’d recently made his debut for Chelsea, posted a photo of Hushpuppi captioned “Happy birthday to my big bro for yesterday❤️?.” Around the same time, Abbas was giving a guided tour of his home to a popular Nigerian radio personality named Daddy Freeze. (“What I was trying to achieve with that interview was something close to MTV Cribs,” Freeze told me recently.) With Freeze filming, they wandered through the penthouse as Abbas showed off his clothes and sneaker collections, and went down to the garage to visit the Rolls and Ferraris. “I have four jacuzzis in this house, a sauna, my private pool,” Abbas told the viewers back home. The apartment, he said, cost “hundreds of thousands of dollars for a year.”
When the pair sat down for dinner, they talked at length about online haters, religion, and family. Money came up only when Abbas asserted that he often made charitable contributions that never appeared on his feed. “My heart is pure. I do a lot of good that even a lot of social media don’t have to know about,” he said. “I sleep good at night. When something good happens to me, I know it’s because I did good. Not because somebody promised me money that I did not work for, or money that I don’t deserve.”
On Instagram, Abbas’s life was a blur of private helicopters and junkets to the Greek isles.
Handling a jewel-encrusted watch made by a Nigerian designer.
Savoring a breakfast spread aboard a private jet in 2019.
What does it mean to deserve such fortune as Hushpuppi’s? What type of work is commensurate with the riches of private jets and $5,000 handbags? The Billionaire Gucci Master had his answers to these questions, but so, too, did the FBI—answers that would form the basis of United States of America v. Ramon Olorunwa Abbas, the criminal case filed against him in a California federal court.
Just three days after his dinner with Daddy Freeze, the U.S. government has alleged, Abbas found another reason to celebrate. According to the federal indictments of him and his alleged co-conspirator, on Oct. 15, 2019, a Chase Bank account Abbas controlled in the U.S. received a wire transfer for $922,857.76. Sent by a New York law firm, the money was meant to be a payment owed to one of its clients, who’d refinanced a piece of real estate at Citizens Bank. When a paralegal at the firm, identified only as K.C., emailed to confirm where the wire should be sent, she received a fax telling her to direct the payment to Chase instead. K.C. called a phone number on the fax to confirm the details and, when everything seemed to match up, initiated the transfer.
In truth, everything did not match up. The fax and phone call had come not from K.C.’s client but, according to court documents, from someone in the orbit of Abbas—perhaps Abbas himself—who’d inserted himself in the middle of the transaction. The gambit was part of what’s known as a “business email compromise,” or BEC, attack: a lucrative, varied, and elusive scam the government claims Abbas and his co-conspirators have executed around the world. BEC scams are increasingly common and exceedingly difficult to stop.
From the Chase account, more than a third of the money was wired to an account at the Canadian Imperial Bank of Commerce. The rest was moved to different bank accounts. On Oct. 17,
Abbas allegedly sent an image of the $396,000 transfer to a Canadian American from Toronto named Ghaleb Alaumary, who authorities say was his partner in previous BEC-like scams. The government says that Alaumary, Abbas, and a loose online confederation of other figures—a group that at times included North Korean state-sponsored hackers—targeted hundreds of millions of dollars in payouts from businesses and banks, including more than $100 million from a single Premier League soccer club.
Alaumary messaged a third person to check that the money had arrived in Canada. When the transfer was confirmed, he messaged Abbas again.
“Sup bro,” Abbas responded.
“Confo u sent me today,” Alaumary said.
“Money came in?” Abbas asked.
“Yes. For Canada.”
“Give me a screenshot.”
Alaumary promised one. He was on a plane that had just landed, he said, and he’d send the image as soon as he had a strong enough signal. But the confirmation never came. Moments later, the FBI approached Alaumary at the airport and placed him under arrest.
Successful BEC scams, such as the ones Alaumary and Abbas stand accused of, always come off a bit like a magic trick. Phil in accounting—or K.C. the paralegal, in the Abbas case—receives an invoice, logs in to a payment system, and sends off what seems like a routine payment. Then—poof!—the money is gone, having seemingly evaporated en route to its intended destination. The client of K.C.’s firm didn’t notice the money was missing until later in October.
BEC attacks started appearing roughly a half-dozen years ago, escalating each year until they surpassed all other forms of internet fraud. The FBI reports there were almost 20,000 such scams against American businesses in 2020 alone, accounting for $1.8 billion in losses, though the variety of BEC crimes can make totals hard to pin down. Crane Hassold, the senior director of threat research at the cyberdefense company Agari Data Inc. and a former FBI analyst, likes to define a BEC as “a response-based impersonation attack that’s requesting something of value”—basically, posing as a legitimate business to trick people into giving away their money.
No matter the flavor, a BEC scam generally begins with someone hacking into a corporate email account often using social engineering tactics like phishing. Once inside, the perpetrators don’t steal anything, not at first. Instead they quietly begin forwarding copies of incoming and outgoing email to themselves. Then they wait. “They watch it for a number of weeks or months, looking for details of certain payments that are going out, understanding who their customers are, looking at communication patterns,” Hassold says. When they spot an invoice coming in or out, they “use that intelligence to insert themselves into an actual payment that is supposed to be due.”
From there the scam can work two ways: If the scammers have compromised the email of the intended recipient of the payment, they simply create an invoice identical to the real one, swapping in their own bank account details, and resend it from the recipient’s email (often with apologies for the mix-up). If, on the other hand, they’ve compromised the sender, they might send a follow-up invoice from a “spoofed” email that appears at first glance to match the payee’s, or even create an entire company and website, one letter off from the real one. In either case, Phil in accounting sees an email that, without careful scrutiny, matches the ones he receives every day.
To the rest of us, it can seem absurd that a corporate employee could send millions of dollars to the wrong bank account. “These attacks are so realistic-looking, most people don’t give it a second thought,” Hassold says. “Because when you’re involved in payments like these, you see a lot of these emails every single day. And when it doesn’t raise any red flags, you are not going to go up the chain and do any confirmation. One would expect that when you get into larger and larger and larger amounts of money that are exchanging hands, that there would be some process that requires secondary authorization or something like that. But in many cases, that’s not what actually happens.”