Deirdre M. Daly, U.S. attorney for the district of Connecticut, announced that two more Romanian citizens have been sentenced for their participation in an extensive Internet “phishing” scheme. On May 27, Ciprian Dumitru Tudor, 33, was sentenced by Chief U.S. District Judge Janet C. Hall in New Haven to 14 months of imprisonment. On May 23, Bogdan-Mircea Stoica, 34, was sentenced by Judge Hall to approximately 27 months of imprisonment, time already served.
Tudor and Stoica were extradited from Romania following the ratification in 2010 of an amended treaty on mutual legal assistance between Romania and the United States. Tudor was arrested by Romanian authorities in November 2013, and he was extradited to the U.S. that same month. He previously had served a sentence of imprisonment in Romania for related crimes. Stoica was arrested by Romanian authorities in February 2012 and was extradited to the U.S. in April 2012.
A phishing scheme uses the Internet to target large numbers of unwary individuals, using fraud and deceit to obtain private personal and financial information such as names, addresses, bank account numbers, credit card numbers and Social Security numbers. Phishing schemes often work by sending out large numbers of counterfeit e-mail messages that are made to appear as if they originated from legitimate banks, financial institutions or other companies. The fraudulent e-mail messages ask individuals to click on a hyperlink contained in the e-mail message, which would take the individual to a counterfeit site on the Internet that purports to be the Internet site of the particular bank, financial institution or company. At the counterfeit Internet site, the individual is then asked to enter information such as the individual’s name, address, and credit or debit card numbers.
According to court documents and statements made in court, in June 2005, a resident of Madison, Connecticut, contacted the FBI in New Haven about a suspicious e-mail that she had received that purported to be from Connecticut-based People’s Bank. The e-mail stated that the recipient’s online banking access profile had been locked and instructed the recipient to click on a link to a web page where the recipient could enter information to “unlock” his or her profile. The web page appeared to originate from People’s Bank but, as the investigation revealed, was actually hosted on a compromised computer in Minnesota. Any personal identifying and financial information provided by the individual would be sent by e-mail to individuals in Romania or to a “collector” account, which was an e-mail account used to receive and collect the information obtained through phishing.
Tudor, Stoica, and others were part of a loose-knit conspiracy of individuals from Craiova, Romania, and neighboring areas that shared files, tools and stolen information obtained through phishing. The co-conspirators used and shared a number of collector accounts, which contained thousands of e-mail messages that contained credit or debit card numbers, expiration dates, CVV codes, PINs, and other personal identification information such as names, addresses, telephone numbers, dates of birth and Social Security numbers. The co-conspirators then used the personal and financial information to access bank accounts and lines of credit and to withdraw funds without authorization, often from ATMs in Romania.
In addition to People’s Bank, financial institutions and companies targeted by the defendants included Citibank, Capital One, Bank of America, JPMorgan Chase & Co., Comerica Bank, Regions Bank, LaSalle Bank, U.S. Bank, Wells Fargo & Co., eBay and PayPal.
This investigation, which resulted in criminal charges against 19 Romanian citizens, has been conducted by the FBI in New Haven, Connecticut.
U.S. Attorney Daly acknowledged the critical assistance provided by the U.S. Department of Justice Office of International Affairs, the FBI Legal Attaché in Bucharest, Interpol, the Romanian National Police, and the U.S. Marshals Service.