FBI smashes US-Egypt cyber 'phishing' ring

LOS ANGELES — Investigators in the United States and Egypt have smashed a computer "phishing" identity theft scam described as the biggest cyber-crime investigation in US history, officials said Wednesday.

The Federal Bureau of Investigation said 33 people were arrested across the United States early Wednesday while authorities in Egypt charged 47 more people linked to the scam.

A total of 53 suspects were named in connection with the scam in a federal grand jury indictment, the FBI said.

Authorities said the sophisticated identity theft network had gathered information from thousands of victims which was used to defraud American banks.

Wednesday's arrests were the culmination of a two-year probe involving US and Egyptian officials dubbed "Operation Phish Phry."

The investigation was described in statement as the largest cybercrime investigation to date in the United States.

A series of raids early Wednesday resulted in arrests in California, Nevada and North Carolina.

A 51-count US indictment accuses all defendants with conspiracy to commit wire fraud and bank fraud while various defendants are charged with aggravated identity theft and conspiracy to commit computer fraud.

"The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed," FBI Los Angeles acting assistant director Keith Bolcar said.

"Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans."

According to an unsealed indictment, Egyptian-based hackers obtained bank account numbers and personal information from bank customers through phishing, and then hacked into accounts at two unidentified banks.

Once compromised accounts had been accessed, hackers in Egypt contacted conspirators based in the United States via text messages, phone calls and Internet chatrooms to arrange transfer of cash to fraudulent accounts.

"This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands, of bank customers," acting US Attorney George Cardona said in a statement.

The investigation comes hard on the heels of a security breach targeting thousands of Microsoft Hotmail accounts.

Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free Web-based email service into revealing account and access information, according to the US technology giant.

AFP

Hackers hook Web email users with "phishing" scams

SAN FRANCISCO — Google and Yahoo! on Tuesday joined a growing roster of Web-based email service providers with users duped by hackers into betraying passwords to accounts.

A day after Microsoft blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online, the list of victims was growing to include users of an array of email services.

"We recently became aware of a phishing scheme through which hackers gained user credentials for Web-based mail accounts including a small number of Gmail accounts," Google said in response to an AFP inquiry.

"As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts if we become aware of them."

Cyber-crooks evidently used "phishing" tactics to trick users of free Web-based email service into revealing account and access information.

"We are aware that a limited number of Yahoo! IDs may have been made public," Yahoo! said in a statement to AFP. "Online scams and phishing attacks are an ongoing and industry-wide issue."

Time Warner subsidiary AOL, in response to an AFP inquiry, said it is "closely monitoring the situation."

"Our guidance to users is to keep your wits about you: do not click on live links, or insert any details into input fields in emails, pop-ups or Web pages if you are not sure where they come from."

Microsoft said Monday that it learned of the latest problem during the weekend after Hotmail account information of "several thousand" users, many of them reportedly in Europe, was posted at a website.

The unconfirmed list of Hotmail accounts compromised by "phishing" has grown into the tens of thousands.

"We are aware that some Windows Live Hotmail customers' credentials were acquired illegally by a phishing scheme and exposed on a website," Microsoft said. "We have taken measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts."

Phishing is an Internet bane and involves using what hackers refer to as "social engineering" to trick people into revealing information online or downloading malicious software onto computers.

Phishing tactics include sending people tainted email attachments that promise enticing content such as sexy photos of celebrities and luring people to bogus log-in pages that are convincing replicas of legitimate websites.

Microsoft, Google, and Yahoo! stressed that hackers did not breach their databases, but rather email users were conned into revealing information.

"Phishing is an industry-wide problem... exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and install and regularly update anti-virus software," Microsoft said.

Google advises Gmail users not to "click through" on warnings browsers may raise about certificates nor sign in at Web addresses that don't start with google.com/accounts.

Web-based email users who suspect their accounts have been compromised should change passwords and check to make certain any secondary email or texting options in accounts have not been changed.

"We encourage users to be very careful when asked to share their personal information," Google said.

The email service providers urged people to visit pages at their websites with advice and tools for protecting accounts.

AFP

Hackers expose slew of Hotmail acount passwords

SAN FRANCISCO — Microsoft blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online.

Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free Web-based email service into revealing account and access information, according to the US technology giant.

"We are aware that some Windows Live Hotmail customers' credentials were acquired illegally by a phishing scheme and exposed on a website," Microsoft said in response to an AFP inquiry.

"We have taken measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts."

Microsoft said it learned of the problem during the weekend after Hotmail account information of "several thousand" users, many of them reportedly in Europe, was posted at a website.

Phishing is an Internet bane and involves using what hackers refer to as "social engineering" to trick people into revealing information online or downloading malicious software onto computers.

Phishing tactics include sending people tainted email attachments that promise enticing content such as sexy photos of celebrities and luring people to bogus log-in pages that are convincing replicas of legitimate websites.

"This was not a breach of internal Microsoft data," the Redmond, Washington-based technology firm said.

"Phishing is an industry-wide problem ... exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and install and regularly update anti-virus software."

Microsoft is also advising Hotmail users to change their account passwords every 90 days

AFP