Thirty-eight people were charged Monday with stealing names, Social Security numbers, credit card data and other personal information from unsuspecting Internet users as part of a global crime ring.
The Romanian-based "phishing" scams sought to rip off thousands of consumers and hundreds of financial institutions, according to indictments unsealed in Los Angeles and New Haven, Conn.
The two related cases marked the latest example of what the Justice Department describes as a growing worldwide threat posed by organized crime.
"International organized crime poses a serious threat not only to the United States and Romania but to all nations," U.S. Deputy Atty. Gen. Mark R. Filip said in a statement from Bucharest, where he announced the charges. "Criminals who exploit the power and convenience of the Internet do not recognize national borders; therefore our efforts to prevent their attacks cannot end at our borders either."
The practice known as phishing typically involves sending fraudulent e-mails that include links directing recipients to fake websites where they are asked to input sensitive data. Phishers may also include attachments that, when clicked, secretly install spyware that can capture personal information and send it to third parties over the Internet.
More than half the people charged in Monday's cases are Romanian, although the alleged scam also operated from the United States, Canada, Portugal and Pakistan. The cases were linked by two Romanians who participated in both schemes, authorities said.
In Los Angeles, 33 people faced a bevy of charges, including racketeering, bank fraud and identity theft. Prosecutors say phishers based in Romania snagged information about thousands of credit and debit card accounts and other personal data from people who answered spam e-mail. The data were then sent to the U.S. and encoded on magnetic cards that could be used to withdraw money from bank accounts.
In Connecticut, seven Romanians allegedly sent e-mail purportedly from legitimate banks such as Citibank and Wells Fargo that directed consumers to a hacked website.