38 in U.S., Romania charged in phishing schemes
Focus is on two related phishing schemes with ties to organized crime
IDG News Service - WASHINGTON -- Thirty-eight people in the U.S. and Romania have been charged in two federal indictments alleging that they used complicated Internet phishing schemes to steal thousands of credit and debit card numbers, U.S. and Romanian authorities said today.
The indictments, in U.S. District Court for the Central District of California and the District of Connecticut, focus on two related phishing schemes with ties to organized crime, the U.S. Department of Justice said. Phishing involves sending e-mail messages that look like official correspondence from banks or credit card vendors in attempts to get recipients to go to fake Web sites and enter their account numbers.
A grand jury in Los Angeles charged 33 people for their alleged participation in a scheme that targeted thousands of individual victims and hundreds of financial institutions. The 65-count indictment was unsealed today. Seven people were charged in a Connecticut indictment for their roles in an Internet phishing scheme, including two who were charged in the Los Angeles case.
U.S. authorities were acting on nine arrest warrants in the Los Angeles area and Romanian authorities were acting on search warrants in that country in connection with the racketeering indictments.
Among the charges in the Los Angeles indictments are conspiracy to violate the Racketeer Influenced and Corrupt Organizations (RICO) Act, conspiracy in connection with access devices, unauthorized access to a protected computer, bank fraud and aggravated identity theft.
The RICO conspiracy charge carries a maximum prison sentence of 20 years, bank fraud has a maximum sentence of 30 years, and device-fraud conspiracy has a maximum sentence of seven and a half years. The unauthorized access count carries a maximum prison sentence of five years, and aggravated identify theft carries a mandatory two-year prison sentence.
The Romanian members of the organization obtained thousands of credit and debit card account numbers and other personal information through phishing, according to the indictment. The group sent more than 1.3 million spam e-mail messages in one phishing attack, the Justice Department said.
The Romanians collected the victims' information and sent the data to cashiers in the U.S. through Internet chat messages, the DOJ said. The U.S. cashiers used hardware called encoders to record the fraudulently obtained information onto the magnetic strips on the back of credit and debit cards. Cashiers then directed other criminals called runners to test the fraudulent cards by checking balances or withdrawing small amounts of money from automated teller machines.
The cards that were successfully tested were used to withdraw money from ATMs or point-of-sale terminals with the highest withdrawal limits, the DOJ said. Part of the money was then wire-transferred to the supplier in Romania.
Seuong Wook Lee, a cashier in the scheme, pleaded guilty on May 15 in U.S. District Court in Los Angeles to racketeering conspiracy, bank fraud, access-device fraud and unauthorized access of a protected computer, the DOJ said.
In the related Connecticut case, seven Romanian residents were charged in an indictment returned by a grand jury in New Haven on Jan. 18 and unsealed Friday. The indictment alleges that the defendants used a phishing scheme to commit fraud in connection with access devices, conspiracy to commit bank fraud and aggravated identity theft.
The Connecticut investigation came from a state resident's complaint about a fraudulent e-mail message made to appear as if it originated from Connecticut-based People's Bank. The e-mail message directed victims to a computer in Minnesota that had been compromised and used to host a counterfeit People's Bank Web site.
On April 23, U.S. Attorney General Michael Mukasey announced a strategy to combat international organized crime.
"Criminals who exploit the power and convenience of the Internet do not recognize national borders; therefore our efforts to prevent their attacks cannot end at our borders either," Deputy Attorney General Mark Filip said in a statement. "Through cooperation with our international partners, we can disrupt and dismantle these enterprises, just as we have done today with these indictments and arrests."
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts