A Romanian national pleaded guilty on Thursday to a charge related to a phishing operation that sought to defraud customers of banks such as Citibank and Wells Fargo, and of Web sites such as eBay.
Cornel Ionut Tonita, 28, of Galati, Romania, could face up to five years in prison when he is sentenced on April 5 in U.S. District Court for the District of Connecticut, according to the U.S. Department of Justice. He pleaded guilty to a single charge of conspiracy to commit fraud related to spam.
Tonita and another Romanian, Petru Belbita, were accused of setting up fake Web sites in order to steal passwords and sensitive financial information.
They built in privacy…so can you
They also were allegedly passing payment card details to others who would then make fraudulent cards.
A third Romanian co-conspirator, Ovidiu-Ionut Nicola-Roman, was the first foreign national convicted in the U.S. of phishing and was sentenced in March 2009 to more than four years in prison.
Tonita admitted using software to collect e-mail addresses in order to send spam that would then try to entice people into browsing one of the fake Web sites. Prosecutors alleged he sent a file with 9,811 e-mail addresses to another co-conspirator.
Tonita was arrested in Dubrovnik, Croatia, in July 2009 and extradited to the U.S.
His arrest was part of a sweeping bust in May 2008 by U.S. and Romanian authorities that led to charges against around 40 people, all of whom had ties to organized crime, the DOJ has said.
In Canada, many phishing operations get particularly intense during certain times – such as the Christmas or tax season.
Last year, for instance, Internet fraudsters ran a phising campaign promising taxpayers a refund in a bid to steal their personal information, according to the Canada Revenue Agency (CRA).
The reward offered wasn’t plentiful – $386 – but the con-artists hoped it would be enough to entice Canadians to click on a link and volunteer personal information.
The frauduent e-mail — designed to look like it came from the CRA — is typical of many phishing attacks. But the tax refund scam seemed particularly resilient. Two waves of fraudulent e-mails were sent out.
The origins of the first wave were traced to Japan, while the second batch came out of the U.S., said Caitlin Workman, media relations with the CRA.
The e-mail included an embedded link to a phishing Web page designed to appear like the CRA’s official site. It used the same colour scheme and logo, and even included links to the real agency’s Web site.
The page presented a form asking the taxpayer to enter vital personal details including social insurance number, date of birth, full name, and the amount of money received on the last tax return.
But there were a couple of telltale signs a watchful observer would recognize as a phishing Web page, according to Marc Fossi, manager of security technologies and response at Symantec Corp., a Cupertino, Calif.-based security vendor.
This phishing site has a couple of telltale errors
“If you look at the ‘Français’ link along the top bar, there is a Chinese character there instead of the properly formatted ç,” he said. “It’s also not a secure page. You don’t see the lock icon anywhere on the browser.”
Also, the Web page domain in the URL wasn’t the CRA’s server, but a Taiwan-based address, he adds.
Phishing attacks – the attempt by fraudsters to skim personal information off of unsuspecting Internet users by presenting a legitimate façade – typically imitate financial companies, but sometimes pose as government agencies.
The attacks are commonplace.
In Canada, the Anti-Phishing Work Group, cross-industry association, functions as a global law enforcement agency focused on eliminating fraud and identity theft.
Symantec is a member, as are other Internet security vendors.
Identity theft was likely the motive behind the CRA attack, Fossi says.
“They could pose as you in contacting the CRA and try to have your information changed,” he says. “Or they could be selling the information so others could use it for identity theft.”
Symantec and other security vendors sell anti-phishing security products. But educating Web users about online safety is critical to stopping fraudsters.
“The warning about not sending out your information through e-mail has gone out for awhile,” Fossi says.
CRA will only occasionally communicate via e-mail with taxpayers, and will never request personal information through e-mail, CRA’s Workman says. When the agency does send an e-mail, it will notify the taxpayer to expect it via a telephone call or a letter.
Unsolicited e-mails that appear to come from the CRA should be deleted immediately, she says.