38 Charged in Phishing Scams

Thirty-eight people were charged yesterday with stealing names, Social Security numbers, credit card data and other personal information from Internet users as part of a global crime ring.

The Romanian-based phishing scams sought to rip off thousands of consumers and hundreds of financial institutions, according to indictments unsealed in Los Angeles and New Haven, Conn.

The two related cases are the latest examples of what the Justice Department describes as a growing worldwide threat.

"International organized crime poses a serious threat not only to the United States and Romania, but to all nations," Deputy Attorney General Mark R. Filip said in a statement from Bucharest, the Romanian capital, where he announced the charges. "Criminals who exploit the power and convenience of the Internet do not recognize national borders; therefore our efforts to prevent their attacks cannot end at our borders either."

The practice known as phishing typically involves sending fraudulent e-mails that include links directing recipients to fake Web sites, where they are asked to submit sensitive data. Phishers may also include attachments that, when opened, secretly install "spyware" that can capture personal information and send it to third parties over the Internet.

More than half of the people charged in these cases are Romanian, though the alleged scams also operated from the United States, Canada, Portugal and Pakistan, authorities said. The cases, officials said, were linked by two Romanians who participated in both schemes.

In Los Angeles, 33 people faced 65 counts on a variety of charges, including racketeering, bank fraud and identity theft. Prosecutors say phishers in Romania snagged information about thousands of credit and debit card accounts and other personal data from people who answered spam e-mail. The data were then sent to the United States and encoded on magnetic cards that could be used to withdraw money from bank accounts.

One encoder in one of the scams, identified as Seuong Wook Lee, pleaded guilty last week in federal court in Los Angeles to charges of racketeering conspiracy, bank fraud, access device fraud and unauthorized access of a protected computer.

Meanwhile, in Connecticut, seven Romanians allegedly spammed consumers with directions to visit a hacked-in Web site disguised as legitimate bank sites, including those of Citibank, Wells Fargo and PayPal. The seven Romanians -- including two who are allegedly also involved in the Los Angeles scheme -- were indicted in January on charges that were unsealed last week. One of them, Ovidiu-Ionut Nicola-Roman, was arrested in Bulgaria last summer and extradited to the United States in November.