Police in the US and Romania have charged 38 members of a suspected phishing gang.
The group reportedly organised the theft of online banking credentials using both email and text message lures. One phase of the attack involved the distribution of 1.3m fraudulent text messages that posed as communiques from a prospective mark's bank, according to the US Department of Justice.
Data entered by unwary users into a fraudulent website was used to create counterfeit bank cards, which were then used to siphon money from compromised accounts. A percentage of the proceeds were allegedly sent onto Romania while the rest was kept by their US accomplices. Fraudulent transactions were made in Canada, Pakistan, Portugal and Romania.
Customers of financial institutions including Citibank, Capital One, JPMorgan Chase, Comerica Bank, Wells Fargo, eBay and PayPal were targeted by the attack. A complaint over a fraudulent email ostensibly from Connecticut-based People’s Bank prompted an investigation that dismantled the alleged cybercrime ring. It's unclear how much the gang made through the scam.
More than half of those charged are Romanian, while the others are US residents originally from South East Asia. Most of the suspects have been arrested in a series of raids over the last few months while some of the Romanian suspects remain unidentified.
Seuong Wook Lee, a cashier operating at the US end of the scam, pleaded guilty to racketeering, conspiracy, bank fraud, access device fraud and computer hacking offences on 15 May, at a hearing in the US District Court in Los Angeles.
More in a DoJ statement here. ®