Network News

X My Profile
View More Activity

Latest FBI Crackdown on Phishing Targets 100 Defendants in U.S., Egypt

UPDATED: 7:45 p.m. Law enforcement authorities in California, Nevada, North Carolina arrested 33 people Wednesday as part of an international crackdown on "phishing," e-mail scams that trick people into giving personal and financial data to counterfeit Web sites.

The action, dubbed "Operation Phish Phry" by the FBI, targeted at least 100 people, including 20 defendants in the United States who remain at large. The FBI said that authorities in Egypt have charged at least 47 unindicted co-conspirators there in connection with the scam, which ran from January 2007 through September. It is the largest group of defendants to face charges in a cybercrime case, the FBI said.

According to a 51-count indictment returned last week by a federal grand jury in Los Angeles, the defendants in Egypt used e-mails to lure customers of Wells Fargo and Bank of America to phony bank Web sites rigged to steal victims' usernames and passwords. The Egyptian defendants then siphoned funds from the victims' accounts into new accounts opened by the U.S.-based defendants, according to the indictment..

Laura Eimiller, a spokeswoman for the FBI's Los Angeles field office, said the group is thought to have tricked several thousand people into giving up their online banking credentials.

All told, the group is accused of moving more than $1.5 million to the dummy accounts. But Eimiller said not all of that money was withdrawn, because the banks eventually worked with authorities to identify accounts receiving fraudulent transfers. Wells Fargo declined to comment. Bank of America did not respond immediately to requests for comment.

Each of the 53 U.S. defendants named in the indictment is charged with conspiracy to commit bank fraud and wire fraud, a charge that carries a maximum penalty of 20 years in federal prison. Some of the defendants are named in additional counts that would increase their maximum possible sentences.

Phishing remains a growing problem. Some 49,084 unique phishing Web sites were set up in June, the second largest number recorded in a single month, according to the Anti-Phishing Working Group, a industry consortium.

In May 2008, the Justice Department charged 38 people -- many of them Romanians living in the United States -- with orchestrating a global phishing ring that defrauded thousands of consumers and hundreds of financial institutions.

A copy of the indictment is available here.phishfryInidictment.pdf

By Brian Krebs  |  October 7, 2009; 7:45 PM ET
Categories:  Cyber Justice , U.S. Government  | Tags: fbi, phish phry, phishing  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Hijacked Webmail Accounts Used to Promote Dodgy E-Commerce Sites
Next: Phishing Scam Spooked FBI Director Off E-Banking

Comments

Why don't the authorities create a clearinghouse where people can forward all of these emails they get. As part of the structure, the governing entity could be given the power to simply cancel domains and email addresses that engage in this activity with the push of a button. If nothing else this would greatly increase the cost of running these frauds because the criminals would have to keep buying new domains and setting up new email addresses.

Posted by: thinker11 | October 7, 2009 9:04 PM | Report abuse

Why don't the authorities create a clearinghouse where people can forward all of these emails they get. As part of the structure, the governing entity could be given the power to simply cancel domains and email addresses that engage in this activity with the push of a button. If nothing else this would greatly increase the cost of running these frauds because the criminals would have to keep buying new domains and setting up new email addresses.

Posted by: thinker11 | October 7, 2009 9:34 PM | Report abuse

I'm just happy they caught some of the people doing this crap. It's nasty taking from beginning to end. Even if you don't fall prey to the scams, they're still eating the bandwidth and resources you paid for.

Posted by: timscanlon | October 8, 2009 5:02 AM | Report abuse

thinker11,

New email address? They already are 'borrowing' email addresses - I used to get 5 to 10 of those WF and BoA phishing emails per day (and those were 'good' days - sometimes more), with the 'From: ' email address being spoofed on each one.

Posted by: critter69 | October 8, 2009 5:43 AM | Report abuse

thinker11 -

Use this: spam@uce.gov or see this FTC site:

http://www.ftc.gov/ftc/contact.shtm

DLD

Posted by: DLDx | October 8, 2009 8:43 AM | Report abuse

The latest scam to appear in our e-mail boxes is the "Notice of Under Reported Income" purporting to be from the IRS with email addresses ending in irs.gov. We have been getting dozens of them a day for the last few months...how many of the un-warry do you think tis has snagged!

Posted by: BDCompliance | October 8, 2009 9:19 AM | Report abuse

I agree that something creative should be done. And not just about this, but other web related problems as well, take for example the web squatters and dummy search results sites. These are a real impediment to the 'quality' of the internet. They make it harder and harder to find relevant search results by setting up myriads of repetitive non-result pages in order to make money from ad views. Or the mal-ware products that have spawned an industry of anti-mal ware products. Protecting you from pop-up infections YAY.

There are a couple things that I think could be done.

1. Require dot-com(s) to be owned by registered companies. Not DBAs. Not clearing house companies registering thousands of sites in an umbrella system. Not billy's baking blog. (unless it is a registered business) Move blogs over to a personal .something registry. .COM would also need to implement a standards for web presence, guidelines for ownership. Not unlike the USPS asking businesses who use bulk mail to work within a frame work.

2. Require legitimate cause for the address. No squatters or domain 'investing'. Imagine if someone could "invest" in your address, and you would have to negotiate rights from someone to get mail.

3. Maintain US control over the .com domain requirements. We have been working with an international committee the last few years, but I think that they don't have the political mettle to make decisive actions.

4. Require next generation mail / web clients to offer users a 'flag' tool. By which they could simply submit a given url or email to a national registry without having to wade through a complex form. If enough people flag a domain or account it could be suspended for review.

Posted by: gconrads | October 8, 2009 10:14 AM | Report abuse

oh, and a few more things.

I think that domain managing countries, and hosting service providers should have a quality rating akin to a credit rating in business. Some gross metric to keep track of which providers / countries are maintaining scam free operations. With some nominal benefits / ramifications for their scores. Something as simple as this can have an immense positive effect.

Despite the argument that creating a porn .xxx or something of the like. This would (I think) help to filter porn out of the .com arena and make it much easier / 'safer' for parents who want to maintain some reasonable controls.

With the rapid growth of the internet the extension of classifications kind of fell by the wayside, but it would be a useful tool to improve the overall quality of the internet and allow future growth to happen without deteriorating the overall usability.

Posted by: gconrads | October 8, 2009 10:22 AM | Report abuse

Edit above.

Sentense should read:

Despite the argument that creating a porn .xxx or something of the like would legitimize pornography on the internet.

That cat is out of the bag. Like it or not.

Posted by: gconrads | October 8, 2009 10:24 AM | Report abuse

These 'phishers of men' look like low hanging fruit to me. Reminds me of the police arresting particularly stupid
mid-level drug dealers. Most of the bad guys operate in the former Eastern Bloc and China, as I understand it. When someone can figure out a way to bring the powers that be fr/ internet governance and terrestrial governance together break the business model of these malefactors, THAT will be progress. Forget arrests, trials, convictions--the process takes too long. Attack their strategy. Start by disrupting their communications as much as possible.

Posted by: featheredge99 | October 8, 2009 4:33 PM | Report abuse

Finally and thank you FBI. At least there's one agency in the United States I can begin to start trusting. The most important tool in the high tech industry (computers for all industries) and I believe should be very secured for the safety our Country and around the world. Maria Elena ARRAstia Tuason here.

Posted by: meat128 | October 9, 2009 12:47 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company