By Brian Krebs
Washington Post Staff Writer
Thursday, October 8, 2009
Law enforcement authorities in California, Nevada and North Carolina arrested 33 people Wednesday as part of an international crackdown on "phishing," e-mail scams that trick people into giving personal and financial data to counterfeit Web sites.
The action, dubbed "Operation Phish Phry" by the FBI, targeted at least 100 people, including 20 defendants in the United States who remain at large. The FBI said that authorities in Egypt have charged at least 47 unindicted co-conspirators there in connection with the scam, which ran from January 2007 through September. It is the largest group of defendants to face charges in a cybercrime case, the FBI said.
According to a 51-count indictment returned last week by a federal grand jury in Los Angeles, the defendants in Egypt used e-mails to lure customers of Wells Fargo and Bank of America to phony Web bank sites rigged to steal victims' usernames and passwords. The Egyptian defendants then siphoned funds from the victims' accounts into new accounts opened by the U.S.-based defendants at the two institutions, according to the indictment.
Laura Eimiller, a spokeswoman for the FBI's Los Angeles field office, said the group is thought to have tricked several thousand people into giving up their online banking credentials. All told, the group is accused of moving more than $1.5 million to the dummy accounts. But Eimiller said not all of that money was withdrawn, because the banks eventually worked with authorities to identify accounts receiving fraudulent transfers.
Wells Fargo declined to comment. Bank of America did not respond immediately to requests for comment.
Each of the 53 U.S. defendants named in the indictment is charged with conspiracy to commit bank fraud and wire fraud, a charge that carries a maximum penalty of 20 years in federal prison. Some of the defendants are named in additional counts that would increase their maximum possible sentences.
Phishing remains a growing problem. Some 49,084 unique phishing Web sites were set up in June, the second largest number recorded in a single month, according to the Anti-Phishing Working Group, a industry consortium.