A US federal grand jury in Los Angeles has
charged 33 individuals in a 65-count indictment for their alleged
participation in an international scheme that used e-mail phishing
to defraud thousands of individual victims and hundreds of
financial institutions. Those indicted have been linked to
criminals operating in Romania.
charged 33 individuals in a 65-count indictment for their alleged
participation in an international scheme that used e-mail phishing
to defraud thousands of individual victims and hundreds of
financial institutions. Those indicted have been linked to
criminals operating in Romania.
According to the indictment, the Romania-based
gang members obtained thousands of credit and debit card accounts
and related personal information by sending emails that appeared as
if they originated from legitimate banks and other financial
institutions. On one day alone more than 1.3 million of these
phishing emails were sent. Once directed to a bogus website,
victims were then prompted at those sites to enter access device
and personal information.
gang members obtained thousands of credit and debit card accounts
and related personal information by sending emails that appeared as
if they originated from legitimate banks and other financial
institutions. On one day alone more than 1.3 million of these
phishing emails were sent. Once directed to a bogus website,
victims were then prompted at those sites to enter access device
and personal information.
What the indictment termed “the Romanian
suppliers” collected the victims’ information and sent the data to
US-based “cashiers” via internet chat messages. The US cashiers
used encoders to record the fraudulently obtained information onto
the magnetic strips on payment cards. Cashiers then directed
accomplices to test the fraudulent cards by checking balances or
withdrawing small amounts of money at ATMs. Cards that were
successfully tested, known as cashable cards, were used to withdraw
money from ATMs or POS terminals that the cashiers had determined
permitted the highest withdrawal limits. A portion of the proceeds
was then wire transferred to the Romanian supplier who had provided
the information.
suppliers” collected the victims’ information and sent the data to
US-based “cashiers” via internet chat messages. The US cashiers
used encoders to record the fraudulently obtained information onto
the magnetic strips on payment cards. Cashiers then directed
accomplices to test the fraudulent cards by checking balances or
withdrawing small amounts of money at ATMs. Cards that were
successfully tested, known as cashable cards, were used to withdraw
money from ATMs or POS terminals that the cashiers had determined
permitted the highest withdrawal limits. A portion of the proceeds
was then wire transferred to the Romanian supplier who had provided
the information.
During the course of the investigation, it was
determined that the indicted individuals had engaged in phishing
schemes against many financial institutions and companies,
including Citibank, Capital One, JPMorgan Chase, Comerica Bank,
Wells Fargo, eBay and PayPal.
determined that the indicted individuals had engaged in phishing
schemes against many financial institutions and companies,
including Citibank, Capital One, JPMorgan Chase, Comerica Bank,
Wells Fargo, eBay and PayPal.
Indictment of the 33 accused followed a joint
investigation involving the Federal Bureau of Investigation, US
Immigration and Customs, the US Postal Service, the Internal
Revenue Service, local law enforcement agencies and Romanian
police.
investigation involving the Federal Bureau of Investigation, US
Immigration and Customs, the US Postal Service, the Internal
Revenue Service, local law enforcement agencies and Romanian
police.
If convicted the accused face daunting maximum
sentences. These include 20 years for racketeering, seven and a
half years for access device fraud, 10 years for production, use
and trafficking in counterfeit access devices, 15 years for
possession of device making equipment, and 30 years for bank
fraud.
sentences. These include 20 years for racketeering, seven and a
half years for access device fraud, 10 years for production, use
and trafficking in counterfeit access devices, 15 years for
possession of device making equipment, and 30 years for bank
fraud.
Go deeper with GlobalData
