Nearly 100 charged worldwide in massive phishing scam bust
'Operation Phish Phry' nabs ID theft suspects in Egypt, U.S.
By Andrea Leptinsky
The FBI has charged more than 50 defendants -- the most ever charged in a cybercrime case -- for allegedly conspiring to steal the identities of thousands of Americans, the bureau announced.
The investigation, dubbed "Operation Phish Phry," includes 53 arrests in the United States and 43 arrests in Egypt. The FBI calls it "the largest number of defendants ever charged in a cybercrime case." Defendants in both countries worked together to obtain bank account numbers and related personal identification data from banking customers through "phishing," a method by which schemers use spam e-mails or pop-up messages to dupe victims into giving up their credit card and bank account numbers.
"This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands, of bank customers," said George S. Cardona, acting U.S. Attorney, in a statement released by the FBI. "Organized, international criminal rings can only be confronted by an organized response by law enforcement across international borders, which we have seen in this case."
Tackling a growing problem
The operation began in 2007 when the FBI decided to crack down on criminal groups that were targeting U.S. financial infrastructure. The project grew in scope earlier this year when FBI uncovered intelligence involving individuals in Egypt, a discovery that prompted a joint investigation by the two countries' authorities.
Scammers in the United States and Egypt worked together methodically to carry out the scheme despite the 7,500 miles between them. According to the FBI, defendants in Egypt collected victims' bank information through phishing and then hacked into accounts at two banks. Once the accounts had been accessed, the Egyptian defendants communicated with the American defendants through text messages, Internet chat groups and phone calls to transfer funds from the compromised accounts to the newly created fraudulent accounts. The American defendants then wired a portion of the funds back over to the Egyptian defendants.
"The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed," said Keith Bolcar, acting assistant director of the FBI's Los Angeles bureau, also in the statement.
Each of the 53 American defendants named in the indictment returned last week by a federal grand jury in Los Angeles is charged with conspiracy to commit bank and wire fraud, a charge that carries a maximum penalty of 20 years in federal prison.
Don't take the bait
A study by technology research company Gartner indicated that more than 5 million American consumers lost money in 2008 to phishing attacks.
According to the Federal Trade Commission's OnGuardOnline.gov, it's easy to protect yourself from becoming a phishing victim, with the right knowledge:
- Ignore e-mails and pop-up messages that claim to need your personal financial information. Don't click on any links inside the message, and don't cut and paste any links into a new browser window. Phishers make links look like they are taking you to one site, when it's really taking you to a false site designed to steal your information.
- Beware of phone trickery. Some messages ask you to call a phone number to update your account to access a refund. Scammers can even use technology to list a phone number from your home area code. If you need to reach an organization you do business with, call the number listed on your financial statements.
- Cover the basics. Stay up to date on your computer's anti-virus and anti-spyware software, as well as a firewall. Review your credit card and banking statements regularly to search for fraudulent use, and never, ever give out your personal or financial information through an e-mail.
The government has set up an e-mail address for consumers who believe they have been sent phishing e-mails. To report such e-mails, forward them to email@example.com.
See related: What phishing means and how to avoid it, Don't take the bait when you receive a phishing e-mail, New phone phishing scam on the rise, 10 things you must know about ID theft, Study: The war on phishing is far from over
Published: October 8, 2009
- APRs to stand pat as Fed puts off rate increase – Credit card users were spared higher APRs for now, but should brace for an increase before year end ...
- Wells Fargo's huge fine: inside the numbers – Wells Fargo will pay $185 million for secretly opening unauthorized accounts for its customers, and that's not the only big number connected to the case ...
- First National Bank of Omaha refunds $27.75 million for add-ons – Misleading marketing of credit card add-on products that did not deliver what they promised brings regulatory action ...