Five people were arrested Monday in Los Angeles and others were being sought in connection with an international online "phishing" scheme that defrauded thousands of victims and hundreds of financial institutions, federal authorities said.

A total of 33 people, U.S. citizens and foreign nationals alike, were named in a 65-count indictment charging them with participating in the Internet-based fraud, prosecutors said. The indictment, unsealed today, was returned by a federal grand jury in Los Angeles.

Five other people were indicted in Connecticut, along with two people who are also named in the Los Angeles indictment, federal officials said.

The Los Angeles indictment charges the defendants with crimes including racketeering conspiracy, bank fraud and aggravated identity theft. The bank fraud charge alone is punishable by up to 30 years in federal prison.
According to prosecutors, a phishing scheme is accomplished by people who use the Internet to target large numbers of victims and trick them into revealing their names, addresses, Social Security numbers, bank account numbers and other personal information. The bogus e-mails are often made to appear as if they originated from legitimate banks or businesses.

Laura Eimiller of the FBI's Los Angeles office said five people were arrested in Los Angeles today in connection with the operation, and four other local suspects were being sought. Arrest warrants were also being served in Romania.

The investigation apparently began with the arrest of a suspect in Orange County in 2006, according to Orange County Senior District Attorney Joe D'Agostino said.

"We initially arrested an individual who was the first person arrested," D'Agostino said. "We kind of started it. That's a simple way of putting it. It turns out the case was international in scope (and) moved on pretty quickly."

Federal officials said Romanian police took part in the investigation, along with the Internal Revenue Service, U.S. Postal Service and various police in Fullerton, Seal Beach, Costa Mesa, Huntington Beach, Irvine, Westminster, Fullerton and Anaheim.

According to the indictment, the Romania-based members, or "suppliers," of the alleged criminal enterprise obtained thousands of credit card and debit card accounts by sending out more than 1.3 million spam e-mails in one attack.

Once directed to a purportedly legitimate Web site, victims then supplied their personal information, according to court papers. The Romanian participants in the operation then forwarded the information to their U.S. counterparts, or "cashiers," the indictment alleges.

The U.S.-based members then used a type of hardware called "encoders" to record the information onto magnetic strips on the back of debit and credit cards, court papers state. After the cards were tested by checking balance information or withdrawing small amounts of cash at ATMs, workable cards were used to withdraw money from ATMs and accounts that the suspects believed had the highest withdrawal limits, prosecutors said.

A portion of the ill-gotten money was then wired to the supplier who had provided the initial information, prosecutors said.

Seuong Wook Lee, a cashier in the scheme, pleaded guilty last Thursday in federal court in Los Angeles to racketeering conspiracy, bank fraud, access device fraud and unauthorized access of a protected computer, prosecutors said.

"Just as street gangs don't respect municipal borders, computer criminals can reach into other countries and prey upon unsuspecting victims who have no idea their identities and money are going to another country," said Thomas O'Brien, U.S. Attorney for the Central District of California.

This entry was posted by Annette King on Monday, May 19. 2008 at 15:25. and is filed under Virus & AntiVirus News.