WASHINGTON – Thirty-eight people were charged Monday with stealing names, Social Security numbers, credit card data and other personal information from unsuspecting Internet users as part of a global crime ring.
The Romanian-based phishing scams sought to rip off thousands of consumers and hundreds of financial institutions, according to indictments unsealed in Los Angeles and New Haven, Conn.
The two related cases marked the latest example of what the Justice Department describes as a growing worldwide threat posed by organized crime.
"International organized crime poses a serious threat not only to the United States and Romania, but to all nations," Deputy Attorney General Mark R. Filip said in a statement from Bucharest, where he announced the charges. "Criminals who exploit the power and convenience of the Internet do not recognize national borders; therefore our efforts to prevent their attacks cannot end at our borders either."
The practice known as phishing typically involves sending fraudulent e-mails that include links directing recipients to fake Web sites where they are asked to input sensitive data. Phishers may also include attachments that, when clicked, secretly install "spyware" that can capture personal information and send it to third parties over the Internet.
More than half of the people charged in Monday's cases are Romanian, although the alleged scam also operated from the United States, Canada, Portugal and Pakistan. The cases were linked by two Romanians who participated in both schemes, authorities said.
In Los Angeles, 33 people faced a 65 counts on a bevy of charges, including racketeering, bank fraud and identity theft. Prosecutors say phishers based in Romania snagged information about thousands of credit and debit card accounts and other personal data from people who answered spam e-mail. The data were then sent to the U.S. and encoded on magnetic cards that could be used to withdraw money from bank accounts.
One encoder in the scam, identified only as Seuong Wook Lee, pleaded guilty last week in federal court in Los Angeles to racketeering conspiracy, bank fraud, access device fraud and unauthorized access of a protected computer.
Meanwhile, in Connecticut, seven Romanians allegedly spammed consumers with directions to visit a hacked-in Web site posing as at least a half-dozen legitimate bank sites, including Citibank, Wells Fargo and PayPal. The seven Romanians — including two also involved in the Los Angeles scheme — were indicted in January in charges that were unsealed only last week. One of them, Ovidiu-Ionut Nicola-Roman, was arrested in Bulgaria last summer and extradited to the United States in November.