FBI Operation Catches Online Bank Fraudsters
In what the FBI is calling Operation Phish Phry, it has arrested 53 people on charges of conducting a vast financial fraud based on phishing. Numerous Internet users have been tricked into revealing vital information, according to an 86-page indictment filed in the US District Court in Los Angeles. The New York Times reported on October 7 that the arrests took place in Southern California, Nevada and North Carolina, while the authorities in Egypt have sought to arrest 47 people whom the FBI says were co-conspirators.
The FBI has revealed that this is the largest number of defendants ever charged in a cybercrime case, and that they had stolen at least $US2 million from 2007 until last month. The scams victimised people with accounts at Bank of America and Wells Fargo, two of the largest banks in the United States. The online component of the fraud was perpetrated in Egypt, with the defendants there sending mass email messages that appeared to be authentic communications from the banks. The people who clicked on these messages were sent to fake websites made to look identical to the real banking sites. There they were asked to enter personal information like their bank account numbers, passwords, social security numbers and drivers’ license numbers.
The co-conspirators in the US took over from there, transferring funds into their own accounts and remitting some money back to their accomplices in Egypt. The FBI has said that it was a very well organised crime and that everyone involved got paid. Now the 53 named in the indictment might also get 20 years in prison.
The investigation began in early 2007, when the banks alerted the FBI to the fraud. While Bank of America would not comment on the specifics of the case, it nevertheless stated that it “monitors for fraudulent sites and works to shut them down as quickly as possible.”
If you are worried that your company might be susceptible to this increasingly common threat, it would be advisable to call in a professional team skilled in the art of computer forensics. That’s not only the best way to safeguard your operations, but it will also serve to alert your employees to where danger lurks.
Once again, the FBI operation has highlighted the pernicious nature of phishing. At the beginning of October, more than 10,000 addresses and passwords for customer accounts on Hotmail, one of Microsoft’s Web-based email services, appeared online, apparently after being stolen via phishing. In what appeared to be a separate incident, a list of more than 20,000 addresses and passwords for accounts on Hotmail, Gmail, Yahoo and AOL were posted to a website. The Internet companies said they were working with affected customers to help them recover their accounts.
Chet Wisniewski, senior security adviser at Sophos, a web security firm, doubted the arrests would have an effect on the number of online banking scams. “I would imagine there are many different groups doing similar things,” he says. “You squash one bug and another one emerges. If there’s an opportunity to make money, someone will be there to collect the bill.”
Don’t delay in ensuring that your company operations are secure.
