38 charged as global phishing syndicate busted in USA and Romania

May 20, 2008 Sophos Press Release

Phishers steal money and confidential data from internet users. Image copyright (c) Sophos
Phishers steal money and confidential data from internet users.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed the news that authorities in the USA and Romania have charged a total of 38 people suspected of running an international crime ring that sought to steal from thousands of consumers, targeting hundreds of financial institutions.

According to the US Department of Justice, the gang sought innocent parties' personal information through phishing emails and "smishing" (sending SMS text messages via cellphone).

Mobile phone SMS messages were sent, attempting to lure unsuspecting owners to visit a website containing malware:

"We're confirming that you've signed up for our service. You will be charged $2 per day unless you cancel your order on this URL: [censored]"

Meanwhile, computer users who clicked on links contained in spam emails sent by the gang were taken to a fraudulent website, which posed as a legitimate online bank, where they were tricked into entering their passwords and banking credentials. According to the US Department of Justice, the gang sent more than 1.3 million spam emails in just one phishing attack.

Information stolen by the phishers was passed via internet chat messages to US-based cashiers, who recorded the stolen data onto the magnetic strip on blank credit and debit cards. Other criminals were then sent to test the cards at ATMs by making balance requests or withdrawing small amounts of money. Once proven to work, the cards would be used to withdraw the maximum amount of money possible. A proportion of the stolen money was then wired back to Romania.

"This was a highly-organized scheme using the internet to steal money from individuals and financial institutions across continents," said Graham Cluley, senior technology consultant for Sophos. "The authorities in the USA and Romania should be applauded for their investigation, which hopefully will result in the dismantling of a major cybercrime ring. Meanwhile, this story carries an important message to consumers and businesses alike to have a proper defense in place against phishing attacks, and to never let your guard down when it comes to protecting yourself against internet criminals."

More than half of the people charged are Romanian, although other members of the gang include citizens of the USA, Vietnam, Cambodia, Pakistan and Cambodia. The scams were also operated from the United States, Canada, Pakistan and Portugal. If found guilty, gang members could face up to 30 years in jail for bank fraud.

"The rewards for criminals engaged in phishing can be considerable. But this is serious crime, and it deserves a serious punishment," continued Cluley. "Authorities around the world need to have strong legislation in place in order to ensure that a clear message goes out to cybercriminals that their activities will not be tolerated."

Sophos experts encourage all computer users to learn how to reduce the risk of being hit by a phishing attack.

"All computer users should exercise caution over the emails they open, which websites they visit, and who they give their confidential information to as they may find they are falling into a hacker's trap," continued Cluley.

Sophos recommends all computer users protect themselves with a consolidated solution which can control network access and defend their email and web gateways against the threats of spam, hackers, spyware and viruses.