14 Indicted in Phishing Scheme

Fraudulent E-mails Targeted Consumers' Bank Accounts
14 Indicted in Phishing Scheme
The Federal Bureau of Investigation and the U.S. Attorney for the District of Connecticut have indicted 14 Romanians for their involvement in an identity-theft scheme that relied on phishing attacks to target unwitting consumers. According to a statement issued by the Department of Justice, the 14 suspects been charged with conspiracy, fraud and identity theft.

The indictment claims that in June 2005, one or more of the accused sent an e-mail to consumers, including a resident of Madison, Conn., that appeared to come from Connecticut-based People's Bank. The generic e-mail said recipients' online banking accounts had been locked; in order to remedy the issue, the recipients were instructed to click on links and enter specific bank account details and personal information.

In addition to People's Bank, Citibank, Capital One, Bank of America, JPMorgan Chase, Comerica Bank, Regions Bank, LaSalle Bank, U.S. Bank, Wells Fargo, eBay and PayPal also were targeted.

According to court documents, the Web page to which the Connecticut e-mail recipient was directed appeared to originate from People's Bank'; in actuality, the site was hosted on a compromised computer.

In all of the cases of all of the fraudulent e-mails sent, once recipients entered personal or financial information, their entered information was routed to one or more of the defendants, or to a so-called collector account - an e-mail account used to receive and collect the stolen information. Several collector accounts containing thousands of e-mails with credit or debit card numbers, expiration dates, CVV codes, PINs and other personal information, such as names, addresses, telephone numbers, dates of birth and Social Security numbers, were discovered during the FBI's investigation.

The co-conspirators used the information to access bank accounts and lines of credit, as well as withdraw funds from ATMs, which most often were in Romania.

Charges linked to the scheme go back to January 2007, when a federal grand jury in New Haven indicted a handful of the 14 suspects for phishing offenses. In November 2010, a grand jury returned a superseding indictment, charging all 14 defendants. But the indictment was sealed, pending extradition.

On Dec. 12, following the extradition from Romania of three of the 14 suspects, a magistrate judge in Bridgeport unsealed the indictment. Each of the 14 defendants could face up to 35 years in prison. So far, two defendants have pleaded not guilty and are expected to go to trial in March.

Phishing: Growing Cyber Concern

Incidents of phishing attacks are increasing in number, and the schemes themselves are increasing in sophistication.

Earlier this month, the Federal Bureau of Investigation issued a warning about a new Zeus malware attack targeting commercial bank accounts via phishy e-mails feigning to be from NACHA - The Electronic Payments Association. Ultimately, the attacks resulted in corporate account takeover. The Zeus variant, a malware called Gameover, is able to defeat several forms of dual-factor authentication. [See FBI Warns of New Fraud Scam.]

Other attacks, often aimed at the Federal Deposit Insurance Corp. and the Better Business Bureau also have become common occurrences.

Spear-phishing, or targeted e-mail attacks, also are growing problems. With public information gleaned from social networking sites such as LinkedIn and Facebook, fraudsters are able to cobble together enough personal data about executives and administrators to launch targeted attacks - personalized phishy e-mails that often raise little suspicion.

Bill Wansley, a consultant with Booz Allen Hamilton, says the link between social media and phishing cannot be ignored. "That is a concern that is now starting to get the attention of bank information security officers and bank risk officers," Wansley says. "They are all working to ensure that the training of their staff is up to a level where they can recognize when they are being targeted."


About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.