Tricked at the Top: US Dept. of Defense

Quite amazingly, a resident of California conducted a phishing operation and managed to successfully reroute government money to his personal account, causing over $23.5 million dollars of damage to the Department of Defense, back in 2018.

The 40 year old fraudster, Oyuntur, posed as a popular vendor database (where companies that want to conduct business with the Federal Government register themselves) in order to send phishing emails to the users and have them register their account details at a cloned “” website. 

According to, in at least one confirmed case, Oyuntur logged onto one of the stolen accounts belonging to a corporation from Southeast Asia that had 11 active contracts of fuel provision for the United States military at the time. explains, “one of these contracts was a $23,453,350 contract with a pending payment for the provision of 10,080,000 gallons of jet fuel to the U.S. DoD. By logging in onto the SAM database as the victimized corporation, Oyuntur changed the registered banking information, replacing the foreign account with one that he controlled. Oyuntur faces a maximum potential penalty of 30 years in prison and a maximum fine of $1,000,000 or twice the gross profits of loss resulting from his offenses.” 

Crime doesn’t pay. Protecting yourself against phishing attacks does.


  • Carefully check government email addresses and websites for spelling mistakes or use of special characters.
  • Navigate manually to official government websites and avoid using links in emails.
  • And finally, if it’s too good to be true, it’s probably too good to be true! So, when in doubt, trust your instincts and check it out.

Start Getting Value With
Centraleyes for Free

See for yourself how the Centraleyes platform exceeds anything an old GRC
system does and eliminates the need for manual processes and spreadsheets
to give you immediate value and run a full risk assessment in less than 30 days

Start automating your risk management
Skip to content