Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have welcomed
the news that members of an alleged international phishing gang
have been arrested following an investigation by Italian
police.
The Guardia di Finanza have apprehended 18 Italian citizens and
8 foreign nationals from Eastern Europe in an operation dubbed
"Phish & Chip", following a widespread phishing campaign that
targeted internet users of Poste Italiane's home-banking services.
Poste Italiane is the government-owned postal service which offers
financial services across Italy.
The gang are alleged to have spammed out emails, directing users
to a bogus Poste Italiane website that stole their login
information.
According to a police
statement, a 22-year-old man was the main hacker in the group,
and confessed to sending emails that pretended to come from Poste
Italiane, directing internet users to web servers based overseas
that had cloned the appearance of the real banking website. Once
login information had been seized, he is alleged to have emptied
the innocent users' bank accounts and transferred the money to
PostePay cards activated by members of the gang.
The man police alleged to be the ringleader of the gang is said
to have made an escape attempt lasting 12 hours before eventually
being arrested by the Military Financial Police. The man declared
to the authorities that he was a data processing consultant who
helped Italian companies prevent credit card fraud.
Laptop computers, data backup devices, false documents, mobile
phones, and materials for creating credit cards have been seized by
the authorities at the locations they searched across Italy.
Numerous credit cards belonging to the Banca Intesa were also
confiscated, some of which are said to have been used by the gang
the day before at the Casino of San Remo.
"The Italian authorities should be applauded for cracking down
on illegal activity like this. Internet criminals can use
technology to hide their identities, and it can often be a complex
web for the police to untangle," said Graham Cluley, senior
technology consultant for Sophos. "Phishing and identity theft are
global problems, and countries need to work more closely with each
other to bring cybercriminals to justice. These arrests underline
the growing organized nature of international identity theft gangs,
but there are many other phishers still at large."
Sophos experts encourage all computer users to learn how to
reduce the risk
of being hit by a phishing attack.
"All computer users should exercise caution over the emails they
open, which websites they visit, and who they give their
confidential information to as they may find they are falling into
a hacker's trap," continued Cluley.
Earlier this month, Sophos reported
how more than 10,000 web pages based in Italy had been attacked by
hackers attempting to infect innocent people's computers for the
purposes of identity theft.
Sophos recommends companies protect their desktops, servers and
gateways with a consolidated solution to
thwart the threats of viruses, spyware, hacking, phishing and
spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.