26 arrested in Poste Italiane phishing attack
Sophos is welcoming news that members of an alleged international phishing gang have been arrested following an investigation by Italian police. The Guardia di Finanza apprehended 18 Italian citizens and eight foreign nationals from Eastern Europe in an operation dubbed ‘Phish & Chip’, following a widespread phishing campaign that targeted internet users of Italian postal operator Poste Italiane’s home-banking services.
The gang is alleged to have spammed out messages directing users to a bogus Poste Italiane website that stole their login information. According to police, the main hacker in the group, a 22-year-old man, has confessed to sending emails purporting to come from Poste Italiane that directed recipients to a cloned version of the banking website, hosted on overseas web servers. Once login information had been seized, he is alleged to have emptied the innocent users’ bank accounts and transferred the money to pre-paid credit cards activated by members of the gang.
The alleged ringleader of the gang is said to have made an escape attempt lasting 12 hours before eventually being arrested by the Military Financial Police. The man in question declared to the authorities that he was a data processing consultant who helped Italian companies prevent credit card fraud.
Laptop computers, data backup devices, false documents, mobile phones, and materials for creating credit cards have been seized by the authorities at several locations across Italy. Numerous credit cards belonging to the Banca Intesa were also confiscated, some of which are said to have been used by the gang the day before at the Casino of San Remo.
“The Italian authorities should be applauded for cracking down on illegal activity like this. Internet criminals can use technology to hide their identities, and it can often be a complex web for the police to untangle,” said Graham Cluley, senior technology consultant for Sophos. “Phishing and identity theft are global problems, and countries need to work more closely with each other to bring cybercriminals to justice. These arrests underline the growing organised nature of international identity theft gangs, but there are many other phishers still at large.”