International phishing crime ring dismantled in USA and Romania

(21/05/2008)

Authorities in the USA and Romania have charged a total of 38 people suspected of running an international crime ring that attempted to steal from thousands of consumers and targeted hundreds of financial institutions.

According to media reports, the gang sought innocent parties' personal information through phishing emails and "smishing" (sending SMS text messages via mobile phone).

Computer users who clicked on links contained in spam emails sent by the gang were taken to a fraudulent website, which posed as a legitimate online bank, where they were tricked into entering their passwords and banking details. According to the US Department of Justice, the gang sent more than 1.3 million spam emails in just one phishing attack.

Information stolen by the phishers was passed via internet chat messages to US-based cashiers, who recorded the stolen data onto the magnetic strip on blank credit and debit cards. Other criminals were then sent to test the cards at ATMs by making balance requests or withdrawing small amounts of money. Once proven to work, the cards would be used to withdraw the maximum amount of money possible. A proportion of the stolen money was then wired back to Romania.

"This was a highly-organised scheme using the internet to steal money from individuals and financial institutions across continents," said Graham Cluley, senior technology consultant for Sophos. "The authorities in the USA and Romania should be applauded for their investigation, which hopefully will result in the dismantling of a major cybercrime ring. Meanwhile, this story carries an important message to consumers and businesses alike to have proper defences in place against phishing attacks, and to never let your guard down when it comes to protecting yourself against internet criminals."

More than half of the people charged are Romanian, although the scams also operated from the United States, Canada, Pakistan and Portugal. If found guilty, gang members could face up to 30 years in jail for bank fraud.

"The rewards for criminals engaged in phishing can be considerable. But this is serious crime, and it deserves a serious punishment," continued Cluley. "Authorities around the world need to have strong legislation in place in order to ensure that a clear message goes out to cybercriminals that their activities will not be tolerated."

Related topics:  Hacking and intrusion prevention   Internet and Web security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources