October 7th, 2009

FBI's 'Operation Phish Phry' snares nearly 100 people

Posted by Larry Dignan @ 2:53 pm

Categories: General, Government, Security

Tags: Bank, FBI, Phishing, Cyberthreats, Financial Services, Spam, Viruses And Worms, Security, Spam And Phishing, Larry Dignan

The Federal Bureau of Investigation on Wednesday charged almost 100 people in Operation Phish Phry, the largest cyber fraud phishing case to date.

The FBI said it uncovered a sophisticated phishing operation that was designed to swipe personal information and then use the data to defraud banks. On Wednesday, authorities arrested 33 of the 53 defendants named in an indictment. Egyptian authorities charged another 47 alleged cybercrooks.

Operation Phish Phry started in 2007 and authorities ultimately collected enough information used in today’s bust. That information led to the joint U.S.-Egypt sting. In a statement, the FBI outlined the details:

According to the indictment that was unsealed this morning, Egyptian-based hackers obtained bank account numbers and related personal identification information from an unknown number of bank customers through phishing—a technique that involves sending e-mail messages that appear to be official correspondence from banks or credit card vendors. In illegal phishing schemes, bank customers are directed to fake websites purporting to be linked to financial institutions, where the customers are asked to enter their account numbers, passwords and other personal identification information. Because the websites appear to be legitimate—complete with bank logos and legal disclaimers—the customers do not realize that the websites do not belong to legitimate financial institutions.

The indictment alleges that co-conspirators in Egypt collected victims’ bank account information by using information obtained from their phishing activities. Armed with the bank account information, members of the conspiracy hacked into accounts at two banks. Once they accessed the accounts, the individuals operating in Egypt communicated via text messages, telephone calls and Internet chat groups with co-conspirators in the United States. Through these communications, members of the criminal ring coordinated the illicit online transfer of funds from compromised accounts to newly created fraudulent accounts.

In the U.S., three California residents—Kenneth Joseph Lucas, Nichole Michelle Merzi, and Jonathan Preston Clark—were the alleged ringleaders, according to the FBI. These people would direct associates to recruit runners that would set up the bank accounts.