Phishing Cases – Stealing Money and Identities with Fake Emails and Bogus Websites

click to enlarge

From 2001-2003 Zachary Keith Hill used a phishing scam that sent fake emails to Internet users. He designed them to look like official American Online (AOL) and PayPal messages. Unsuspecting recipients clicked on the link in the email message and entered personal information into a fake website. Hill retrieved this data to create new credit card accounts and steal funds. From this scam he was able to obtain about $75,000 from 400 victims. After his arrest, Hill was convicted and given a 46 month prison sentence.

US and Egyptian authorities worked together to uncover a large international phishing case that targeted US financial institutions. The investigation began in 2007 under code name “Operation Phish Phry.” Over 100 people were thought to be involved. After two years of uncovering evidence, 53 Americans were arrested along with 47 Egyptians. The conspirators were then charged with computer fraud, aggravated ID theft and bank fraud.

In 2006, Northern California resident Tien “Tim” Truong Nguyen, along with two Romanian cyber criminals (Stefani Ruland and Ryan Price) worked together on a phishing scam that enabled them to obtain over $193,000 in cash and merchandise from Wal-Mart. Tim Nguyen set up fake phishing websites and emails which led unsuspecting PayPal and Fairwind Credit Union account holders into giving personal information. Tim then transferred this data to Ruland and Price in exchange for methamphetamine. Fake credit accounts were created through Wal-Mart kiosks.

While many phishing cases of this nature have gone undiscovered, this scam was uncovered by a Wal-Mart investigator who received an anonymous tip from Tim Nguyen’s neighbor. He was arrested January 26, 2007 and was then sentenced to four years in prison. Romanian Stephani Ruland was also arrested in Pleasanton California. Her sentence included eleven counts of identity theft, three counts of possession of stolen property and three counts of burglary. As of 2009 Ruland is still serving a prison sentence for her numerous crimes.

23 year old Romanian immigrant Sergiu Daniel Popa pulled off an elaborate phishing scheme that resulted in the loss of over $700,000. From 2004 to 2007 he created multiple fake websites and email messages designed to look like the legitimate businesses of TCF Bank, eBay, Citibank and Suntrust. This scheme allowed him to accumulate over 10,000 email addresses, user names and passwords. This information was then used to obtain bank/credit card information, social security numbers and other personal data from his phishing victims. Sergiu also sold this stolen data to other scammers along with a “how to” kit that included a step by step guide (for which he charged $1,500) to learn his phishing scheme. This 2007 phishing case resulted in Sergiu Popa being sentenced to eight and a half years in jail.