Authorities in the USA and Romania have charged a total of 38 people suspected of running an international crime ring that attempted to steal from thousands of consumers and targeted hundreds of financial institutions. According to media reports, the gang sought innocent parties’ personal information through phishing emails and “smishing” (sending SMS text messages via mobile phone).
Computer users who clicked on links contained in spam emails sent by the gang were taken to a fraudulent website, which posed as a legitimate online bank, where they were tricked into entering their passwords and banking details. According to the US Department of Justice, the gang sent more than 1.3 million spam emails in just one phishing attack.
Information stolen by the phishers was passed via internet chat messages to US-based cashiers, who recorded the stolen data onto the magnetic strip on blank credit and debit cards. Other criminals were then sent to test the cards at ATMs by making balance requests or withdrawing small amounts of money. Once proven to work, the cards would be used to withdraw the maximum amount of money possible. A proportion of the stolen money was then wired back to Romania.
Graham Cluley, senior technology consultant for Sophos said: “This was a highly-organised scheme using the internet to steal money from individuals and financial institutions across continents. The authorities in the USA and Romania should be applauded for their investigation, which hopefully will result in the dismantling of a major cybercrime ring. Meanwhile, this story carries an important message to consumers and businesses alike to have proper defences in place against phishing attacks, and to never let your guard down when it comes to protecting yourself against internet criminals.”
More than half of the people charged are Romanian, although the scams also operated from the United States, Canada, Pakistan and Portugal. If found guilty, gang members could face up to 30 years in jail for bank fraud.