-=[BUSTED]=- Phish Phry Serves Up 5 More Sentences

The FBI’s LA website is reporting that 5 people were convicted today of federal charges for their roles in an international “phishing” operation that used spam e-mails and bogus websites to collect personal information that was used to defraud American banks.  The guilty verdicts this afternoon by a federal jury were given to 5 among 53 defendants charged in the fall of 2009 as part of Operation “Phish Phry,” a multinational investigation conducted in the United States and Egypt that led to charges against 100 individuals.  This is the largest number of defendants ever charged to date in an online crime case.  With today’s guilty verdicts, a total of 46 people have been convicted in federal court in Los Angeles as a result of Phish Phry.

The operation revealed how Egyptian-based hackers obtained account numbers and personal information from a number of bank customers by sending out e-mail messages that appear to be official correspondence from banks or credit card vendors directing their victims to fake banking websites.  The sites asked each victim to enter their bank account numbers, passwords and other information.  The victims were fooled, and did not realize that the websites were fraudulent.

Members of the conspiracy in Egypt then collected the information and accessed the bank accounts.  Once the accounts were accessed, the Egyptian operators communicated via text messages, phone calls, and Internet chat sessions with co-conspirators in the US to coordinate the online transfer of funds from the compromised accounts to newly created fraudulent accounts.

The US part of the ring was directed by three people, including Nichole Michelle Merzi, one of the defendants who was convicted today.  They directed associates to recruit runners to set up bank accounts to receive and withdraw the stolen funds.  A portion of the funds were then transferred via wire services to the Egyptian co-conspirators who had originally provided the bank account information obtained via phishing.

The conspiracy and bank fraud charges in this case carry statutory maximum sentences of 30 years in federal prison.  The charge of aggravated identity theft carries a minimum sentence of two years that must be added to any of sentence imposed on the defendant.  The jury that convicted the five defendants today determined that one defendant was not guilty.  One defendant has agreed to plead guilty, and one defendant is a fugitive.  Prosecutors previously dismissed charges against two of the defendants initially charged in this case.  The final two defendants charged in relation to Phish Phry are pending trial.

Score another 5 for the good guys!  Los Angeles FBI