FBI Phries Phishers

By Matthew Harwood

The Federal Bureau of Investigation (FBI) yesterday announced it had uncovered one of the largest phishing scams to date, charging nearly 100 people in the United States and Egypt for their involvement in stealing other people's personal information and using it to steal money from their bank accounts.

As part of Operation Phish Phry (who said the FBI is humorless?), the FBI and Egyptian authorities began rounding up suspects yesterday. The FBI began arresting over 50 alleged U.S. cybercriminals in Southern California, Nevada, and North Carolina, while Egyptian authorities sought 47 co-conspirators in their country. The FBI says the operation was the first joint cyber investigation between Egypt and the United States.

According to The New York Times:

An 86-page indictment, filed in the United States District Court for the Central District of California in Los Angeles, accuses the defendants of tricking people into giving up their bank account information. The F.B.I. said that this was the largest number of defendants ever charged in a cybercrime case, and that they had stolen at least $2 million from 2007 to last month.

The scams victimized people with accounts at Bank of America and Wells Fargo, two of the nation’s largest banks. The online component of the fraud was perpetrated in Egypt, Keith B. Bolcar, the acting chief of the F.B.I.’s Los Angeles bureau, said. The defendants there sent mass e-mail messages that appeared to be authentic communication from the banks, the F.B.I. said.

Many of the suspects have been indicted on multiple charges, including computer fraud, conspiracy to commit bank fraud, money laundering, and aggravated identity theft. The investigation began nearly two years ago when the banks discovered the fraud and alerted the FBI.

Phishing e-mails are an ingenious ploy to get an individual's personal information and use it to perpetrate some type of fraud. In this case, the phishers sent fraudulent e-mails posing as either Bank of America or Wells Fargo. When the victims clicked through, they were taken to a fake Web site dressed up to look identical to their bank's. Once they entered their personal information—like passwords, Social Security numbers, bank account numbers, and drivers' license numbers—the cybercriminals stole it. In this particular case, the phishers used the information they stole to break into their victims' real accounts and transferred money into accounts they had set up. Some of that money was then sent back to Egypt, where the e-mails originated.

During an address yesterday in San Francisco while the FBI was moving in on suspects, Mueller noted that cybercrimes can have national security implications. "Something that looks like an ordinary phishing scam may be an attempt by a terrorist group to raise funding for an operation," he said.

"The FBI is both a law enforcement and national security agency, which means we can and must address every angle of a cyber case," he added. "This is critical, because what may start as a criminal investigation may lead to a national security threat."

The FBI's bust, however, shouldn't provide much deterrent value to other cyberscammers, one expert says. Chet Wisniewski, senior security advisor at the Web security firm Sophos, told the Times that "If there's an opportunity to make money, someone will be there to collect the bill."

For those looking to avoid taking a phisher's lure, here's a best practice: When you receive an e-mail from your bank or a social networking site, do not click through to the Web site from the e-mail. Instead, open another tab or window and directly type in the site's Web address. This way you know you're going to the official site.

For more ways to avoid biting on some phisher's bait, check out this article from C/NET. The FBI also recommends visiting its Internet Crime Complaint Center to stay on top of the latest scams. 

♦ Photo by Pieter Musterd/Flickr

