According to various news sources (see here and here), on Wednesday the US Federal Bureau of Investigation (FBI) and Egyptian authorities broke up an international phishing ring involved in financial fraud against Bank of America and Wells Fargo Bank customers. The FBI arrested 53 people across California, Nevada and North Carolina in what it called "Operation Phish Phry,"while authorities in Egypt arrested and additional 47 people.
The arrests, the FBI said, were an outcome of a two-year investigation led by the Los Angeles FBI office, working closely with the Secret Service, the Electronics Crimes Task Force in Los Angeles, state and local law enforcement, and the FBI's Egyptian counterparts.
The FBI press release says that the indictment alleges that "co-conspirators in Egypt collected victims' bank account information by using information obtained from their phishing activities. Armed with the bank account information, members of the conspiracy hacked into accounts at Bank of America and Wells Fargo. Once they accessed the accounts, the individuals operating in Egypt communicated via text messages, telephone calls and Internet chat groups with co-conspirators in the United States. Through these communications, members of the criminal ring coordinated the illicit online transfer of funds from compromised accounts to newly created fraudulent accounts."
Each of the 53 defendants named in the US indictment is charged with conspiracy to commit bank fraud and wire fraud, a charge that carries a statutory maximum penalty of 20 years in federal prison.
I have no information on what those charged in Egypt might possibly face. Anyone know?
In related news, FBI Director Robert Mueller, in discussing the problem of phishing at the Commonwealth Club of California, told audiences there that he almost fell victim to a financial phishing scam.
As reported by The Sydney Morning Herald:
"Mueller said he was 'just a few clicks away' from failing victim to the 'classic' Internet phishing scam after receiving an email purportedly from his bank that asked him to verify his account details. He began answering the first few questions before suspecting something wasn't quite right."
" 'It looked pretty legitimate,' he said, adding that he should have known better.
" 'After changing our passwords, I tried to pass the incident off to my wife ... as a teachable moment.' "
"Mueller said his wife replied: 'Well, it is not my teachable moment. However, it is our money. No more Internet banking for you.' "
You can imagine the collective cringing in the executive board rooms in banks across America over reports of Director Mueller's personal little anecdote.
How long before he tries to climb himself out of this public relations hole he dug - I give it a few days.
Finally, there were reports in the UK that card not present (CNP) fraud has dropped by 23% in the first half of 2009. The cost of counterfeit card crime, where cards are skimmed or cloned, dropped by nearly 50%.
Speculation is with the extra CHIP and PIN security on credit and debit cards in the UK that criminals are now recalibrating to their efforts on phishing banking scams and cards issued overseas that don't have as robust security.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.
