Three jailed for online banking attack

Three men have been jailed for a total of 13.5 years for their part in a sophisticated and concerted attack on the UK and international banking system following an investigation by the Met’s Police Central e-Crime Unit.

The convictions are believed to be the first prosecutions in the UK involving such detailed evidence of an organized internet phishing operation and are the result of a pro active and prolonged investigation by the PCeU, codenamed Operation Dynamophone.

The investigation focused around a network of individuals who systematically obtained large quantities of personal information, such as online bank account passwords and credit card numbers, through online phishing in order to steal monies from those accounts, and fraudulently use credit card details.

The trio were arrested in August 2010 when detectives from the PCeU, assisted by the MPS Territorial Support Group and the Irish Guarda Síochána Fraud Investigation Bureau, executed search warrants at a number of addresses in London and an address in Ireland.

Enquiries revealed that through the course of their activity the defendants compromised over 900 bank accounts and 10,000 credit cards.

Attempted account take over fraud amounting to as much as £1.13m was identified in respect of the compromised bank accounts – with over £599,000 successfully stolen.

It was established that fraud had been successfully committed in respect of over 1,400 of the compromised credit cards – amounting to actual losses of over £570,000. The precise loss in respect of the remaining card numbers is yet to be established. However, using current industry estimates it’s likely that total fraud on the compromised cards exceeds £3.1m.

The defendants were responsible for sending unsolicited emails to members of the public purporting to be from their bank and directing them, via a link, to visit the bank’s web-page. However, the victims were in fact visiting a previously established bogus web-page where they were asked to confirm their online bank account or credit card account details. During the course of their investigation detectives gathered evidence to show that at the time of their arrest the defendants had possession of computer scripts necessary to operate forty such bogus bank web-pages.

In this way the defendants and other members of the criminal network were able to obtain the details of many thousands of bank account and credit card details.

In the majority of cases detected, the details were then used to carry out fraudulent bank transfers and credit card transactions.

During the course of the operation Fafore, co-conspirators communicated across the Internet, from wherever they happened to be in the world, and sent and received details of compromised bank accounts, credit cards and other information related to the continued operation of the scam.

Financial investigators are carrying out enquiries to trace and restrain the criminal proceeds of the defendants’ activities with a view to secure their confiscation.