Phishers steal money and confidential data from internet
users.
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have welcomed
the news that authorities in the USA and Romania have charged a
total of 38 people suspected of running an international crime ring
that sought to steal from thousands of consumers, targeting
hundreds of financial institutions.
According to the US Department of Justice,
the gang sought innocent parties' personal information through
phishing emails and "smishing" (sending SMS text messages via
cellphone).
Mobile phone SMS messages were sent, attempting to lure
unsuspecting owners to visit a website containing malware:
"We're confirming that you've signed up
for our service. You will be charged $2 per day unless you cancel
your order on this URL: [censored]"
Meanwhile, computer users who clicked on links contained in spam
emails sent by the gang were taken to a fraudulent website, which
posed as a legitimate online bank, where they were tricked into
entering their passwords and banking credentials. According to the
US Department of Justice, the gang sent more than 1.3 million spam
emails in just one phishing attack.
Information stolen by the phishers was passed via internet chat
messages to US-based cashiers, who recorded the stolen data onto
the magnetic strip on blank credit and debit cards. Other criminals
were then sent to test the cards at ATMs by making balance requests
or withdrawing small amounts of money. Once proven to work, the
cards would be used to withdraw the maximum amount of money
possible. A proportion of the stolen money was then wired back to
Romania.
"This was a highly-organized scheme using the internet to steal
money from individuals and financial institutions across
continents," said Graham Cluley, senior
technology consultant for Sophos. "The authorities in the USA and
Romania should be applauded for their investigation, which
hopefully will result in the dismantling of a major cybercrime
ring. Meanwhile, this story carries an important message to
consumers and businesses alike to have a proper defense in place
against phishing attacks, and to never let your guard down when it
comes to protecting yourself against internet criminals."
More than half of the people charged are Romanian, although
other members of the gang include citizens of the USA, Vietnam,
Cambodia, Pakistan and Cambodia. The scams were also operated from
the United States, Canada, Pakistan and Portugal. If found guilty,
gang members could face up to 30 years in jail for bank fraud.
"The rewards for criminals engaged in phishing can be
considerable. But this is serious crime, and it deserves a serious
punishment," continued Cluley. "Authorities around the world need
to have strong legislation in place in order to ensure that a clear
message goes out to cybercriminals that their activities will not
be tolerated."
Sophos experts encourage all computer users to learn how to
reduce the risk of
being hit by a phishing attack.
"All computer users should exercise caution over the emails they
open, which websites they visit, and who they give their
confidential information to as they may find they are falling into
a hacker's trap," continued Cluley.
Sophos recommends all computer users protect themselves with a
consolidated solution which can control network access
and defend their email and web gateways against the threats of
spam, hackers, spyware and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.