The day after his 29th birthday in May, Olalekan Jacob Ponle posted a picture on his Instagram standing next to a bright yellow Lamborghini in Dubai.
“Stop letting people make you feel guilty for the wealth you’ve acquired,” he admonished, wearing designer jewellery and Gucci clothes from head to toe.
A month later, the Nigerian, who goes by the name “mrwoodbery” on Instagram, was arrested by Dubai Police for alleged money laundering and cyber fraud.
The most famous of the dozen Africans nabbed in the dramatic operation was 37-year-old Ramon Olorunwa Abbas, “hushpuppi” or just “hush” as he was known by his 2.4 million Instagram followers.
Police in the emirate say they recovered $40m (£32m) in cash, 13 luxury cars worth $6.8m, 21 computers, 47 smartphones and the addresses of nearly two million alleged victims.
Mr Abbas and Mr Ponle were both extradited to the US and charged in a Chicago court with conspiracy to commit wire fraud and laundering hundreds of millions of dollars obtained from cybercrimes.
The two have not yet been asked to plead and are presumed innocent until proven guilty.
“I think there’s probably a certain arrogance when they believe they’ve been careful about maintaining anonymity in their online identities, but they live high on the hog and get careless on social media,” said Glen Donath, a former senior prosecutor in the US Attorney’s Office in Washington, DC.
It is a spectacular crash for the two Nigerian men who extensively documented their tacky, high-flying lifestyle on social media, raising questions about the sources of their wealth.
They unwittingly provided crucial information about their identities and activities for American detectives with their Instagram and Snapchat posts.
They are accused of impersonating legitimate employees of various US companies in “business email compromise” (BEC) schemes and tricking the recipients into wiring millions of dollars into their own accounts.
On Instagram, hushpuppi said he was a real estate developer and had a category of videos called “Flexing” – social media lingo for showing off. But the “houses” were actually a codeword for bank accounts “used to receive proceeds of a fraudulent scheme”, investigators allege.
“Our value system in Nigeria needs to be checked, especially the emphasis we place on wealth, no matter how you got it,” the economist Ebuka Emebinah told the BBC from New York.
“It’s a culture where people believe that results speak for you. We don’t place as much emphasis on the process and this has built up over time.”
English Premier League team targeted
In April, hushpuppi renewed his lease for another year at the exclusive Palazzo Versace apartments in Dubai under his real name and phone number.
“Thank you, Lord, for the many blessings in my life. Continue to shame those waiting for me to be shamed,” he captioned an Instagram picture of a Rolls-Royce just a fortnight before he was arrested.
“Abbas finances this opulent lifestyle through crime, and he is one of the leaders of a transnational network that facilitates computer intrusions, fraudulent schemes (including BEC schemes), and money laundering, targeting victims around the world in schemes designed to steal hundreds of millions of dollars,” the Federal Bureau of Investigation (FBI) said in an affidavit.
In one case, a foreign financial institution allegedly lost $14.7m in a cyber-heist where the money ended up in hushpuppi’s bank accounts in multiple countries.
The affidavit also alleged that he was involved in a scheme to steal $124m from an unnamed English Premier League team.
The FBI obtained records from his Google, Apple iCloud, Instagram and Snapchat accounts which allegedly contained banking information, passports, communication with conspirators and records of wire transfers.
About 90% of business email compromise scams originate in West Africa, research from American email security firm Agari shows.
The complaints against Mr Abbas and Mr Ponle describe tactics that resemble what the company calls Vendor Email Compromise, where scammers compromise an email account and study communication between a customer and a vendor.
“The scammer would gather contextual details, as they watched the legitimate email flow,” explains Crane Hassold, Agari’s senior director of threat research.
“The bad actor would redirect emails to the bad actor’s email account, craft emails to the customer that looked like they are coming from the vendor, indicate that the ‘vendor’ had a new bank account, provide ‘updated’ bank account information and the money would be gone, at that point.”
Mr Ponle, known online as “mrwoodbery”, used the name Mark Kain in emails, according to the FBI.
He is accused of defrauding a Chicago-based company into sending wire transfers of $15.2m. Companies in Iowa, Kansas, Michigan, New York, and California are also said to have fallen victim.
The cash trail allegedly disappeared after his accomplices, called money mules, converted the money into the cryptocurrency bitcoin.
Email scams have become so prevalent globally, and so deeply linked to Nigeria, that the fraudsters have a name in the country: “Yahoo boys”.
They try to convince a recipient to wire money to the other side of the world or they go “phishing”, stealing a user’s identity and personal information for fraud.
The FBI warns against the Nigerian letter or “419” fraud – emails promising large sums of money, called advance fee scams. The “Nigerian prince” trope has become shorthand for deception.