38 in U.S., Romania charged in phishing schemes

Top Stories

Related

• Clues point to Jan. 13 release of Windows 7 beta
• Microsoft releases Vista SP2 beta
• Obama's DHS pick may find support for raising H-1B cap at confirmation hearing
• IBM wants info from Apple execs in Papermaster case
• Report: Former AOL chief exec tries to raise funds to buy Yahoo
• U.S. report sees major terror attack by 2013, ignores cyberattack risk

• Surge in phishing attacks prompts calls for change
• Study: Phishing attacks up by 50% per month
• Security concerns cloud holiday shopping
• U.S. government bolsters efforts to fight ID theft, report says
• FTC's New Red Flag Rules cast wide identity theft net

Zone

The Security Zone With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones

May 19, 2008 (IDG News Service) WASHINGTON -- Thirty-eight people in the U.S. and Romania have been charged in two federal indictments alleging that they used complicated Internet phishing schemes to steal thousands of credit and debit card numbers, U.S. and Romanian authorities said today.

The indictments, in U.S. District Court for the Central District of California and the District of Connecticut, focus on two related phishing schemes with ties to organized crime, the U.S. Department of Justice said. Phishing involves sending e-mail messages that look like official correspondence from banks or credit card vendors in attempts to get recipients to go to fake Web sites and enter their account numbers.

A grand jury in Los Angeles charged 33 people for their alleged participation in a scheme that targeted thousands of individual victims and hundreds of financial institutions. The 65-count indictment was unsealed today. Seven people were charged in a Connecticut indictment for their roles in an Internet phishing scheme, including two who were charged in the Los Angeles case.

U.S. authorities were acting on nine arrest warrants in the Los Angeles area and Romanian authorities were acting on search warrants in that country in connection with the racketeering indictments.

Among the charges in the Los Angeles indictments are conspiracy to violate the Racketeer Influenced and Corrupt Organizations (RICO) Act, conspiracy in connection with access devices, unauthorized access to a protected computer, bank fraud and aggravated identity theft.

The RICO conspiracy charge carries a maximum prison sentence of 20 years, bank fraud has a maximum sentence of 30 years, and device-fraud conspiracy has a maximum sentence of seven and a half years. The unauthorized access count carries a maximum prison sentence of five years, and aggravated identify theft carries a mandatory two-year prison sentence.

The Romanian members of the organization obtained thousands of credit and debit card account numbers and other personal information through phishing, according to the indictment. The group sent more than 1.3 million spam e-mail messages in one phishing attack, the Justice Department said.

The Romanians collected the victims' information and sent the data to cashiers in the U.S. through Internet chat messages, the DOJ said. The U.S. cashiers used hardware called encoders to record the fraudulently obtained information onto the magnetic strips on the back of credit and debit cards. Cashiers then directed other criminals called runners to test the fraudulent cards by checking balances or withdrawing small amounts of money from automated teller machines.

The cards that were successfully tested were used to withdraw money from ATMs or point-of-sale terminals with the highest withdrawal limits, the DOJ said. Part of the money was then wire-transferred to the supplier in Romania.

Seuong Wook Lee, a cashier in the scheme, pleaded guilty on May 15 in U.S. District Court in Los Angeles to racketeering conspiracy, bank fraud, access-device fraud and unauthorized access of a protected computer, the DOJ said.

In the related Connecticut case, seven Romanian residents were charged in an indictment returned by a grand jury in New Haven on Jan. 18 and unsealed Friday. The indictment alleges that the defendants used a phishing scheme to commit fraud in connection with access devices, conspiracy to commit bank fraud and aggravated identity theft.

The Connecticut investigation came from a state resident's complaint about a fraudulent e-mail message made to appear as if it originated from Connecticut-based People's Bank. The e-mail message directed victims to a computer in Minnesota that had been compromised and used to host a counterfeit People's Bank Web site.

Investigators found that the defendants had targeted several banks and other companies, including Citibank, Capital One and PayPal.

On April 23, U.S. Attorney General Michael Mukasey announced a strategy to combat international organized crime.

"Criminals who exploit the power and convenience of the Internet do not recognize national borders; therefore our efforts to prevent their attacks cannot end at our borders either," Deputy Attorney General Mark Filip said in a statement. "Through cooperation with our international partners, we can disrupt and dismantle these enterprises, just as we have done today with these indictments and arrests."

Reprinted with permission from

IDG.net
Story copyright 2008 International Data Group. All rights reserved.