In a widespread crackdown on phishing, FBI agents in several cities charged more than 50 people in the United States with running a phishing operation that had ties to suspected cybercriminals in Egypt.
Separate FBI raids took place in Nevada, North Carolina and California. The FBI said a raid by Egyptian authorities charged another 47 hackers who allegedly sent out phishing email messages directing victims to malicious webpages designed to look like legitimate banking websites. Once victims provided their account credentials, the hackers then used the information to later pilfer their accounts, the FBI said.
Phishing attack uses pop-up message on bank sites: Security researchers have discovered a new phishing method that forces pop-up login messages to appear on legitimate banking websites.
Phishing, identity theft keeps law enforcement, researchers occupied: An expert on cybercrime and online scams, Derek Manky, is one of the members of the Fortiguard research team.
According to the indictment, the Egypt-based phishers communicated with co-conspirators in the United States via text messages, telephone calls and Internet chat groups. U.S.-based members of the criminal ring were "runners" who opened new accounts where the pilfered funds were transferred. The funds were then withdrawn and transferred via wire services to those residing in Egypt.
Two American banks were targeted by the phishing scam, but authorities declined to name them. So far, 33 of 53 U.S. defendants named in an indictment have been charged with crimes connected to the phishing scheme. The number of people charged also marks the largest cyber crime investigation to date in the United States, the FBI said.
"The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed," Keith Bolcar, Acting Assistant Director In Charge of the FBI in Los Angeles, said in a statement. "Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans."
Security reserachers have been tracking increases in phishing attacks using both email and automated attack toolkits. The number of unique phishing websites reached a high of nearly 50,000 in June, according to a report issued earlier this month by the Antiphishing Working Group. It's unclear if the crackdown would have any effect on phishing globally, but it could serve as a deterrent for those looking to buy and use phishing toolkits, which take most of the technical work out of phishing, said John Harrison, group product manager at Symantec Security Response.
"Anything that law enforcement can do that help show negative consequences in regards to phishing is really a good thing," Harrison said. "It's hard to say what the exact impact will be because so many of these phishing attacks are very automated and can allow for hundreds of thousands of automated websites to be set up by one person."
The FBI's investigation into phishing began in 2007, when agents and several U.S-based financial institutions worked to identify and disrupt cybercriminals as part of an FBI operation called "Phish Phry." Egyptian authorities agreed to pursue a joint investigation.
The FBI said the 51-count indictment accuses all of the defendants with conspiracy to commit wire fraud and bank fraud. Various defendants are charged with bank fraud; aggravated identity theft; conspiracy to commit computer fraud, specifically unauthorized access to protected computers in connection with fraudulent bank transfers and domestic and international money laundering.
The United States part of the ring was allegedly directed by defendants Kenneth Joseph Lucas, Nichole Michelle Merzi, and Jonathan Preston Clark, all California residents.