The US and Egyptian authorities have busted a huge phishing operation, charging 100 people with illegally obtaining personal bank account information from Bank of America and Wells Fargo customers and stealing money from their accounts.
In the US, more than 50 people in Southern California, Las Vegas and North Carolina were indicted by a grand jury in Los Angeles for scheming to steal bank account information from thousands of people in the US using phishing techniques.
US authorities today arrested 33 of those named in the indictments and are on the lookout for the other 20.
In addition, authorities in Egypt charged another 47 co-conspirators in connection with the same scheme, bringing the total number of people charged to 100 - the largest number of defendants ever charged for the same cybercrime, according to the FBI.
The indictments stem from a two-year operation dubbed "Operation Phish Phry," which involved the FBI, the US Attorney's Office, the Electronic Crimes Task Force in Los Angeles and Egyptian law enforcement authorities.
FBI officials called the operation the largest cybercrime investigation in the US. The arrests were announced in Los Angeles by Keith Bolcar, acting assistant director in charge of the FBI in Los Angeles, George Cardona, acting US Attorney in Los Angeles, and Egyptian law enforcement authorities.
The 51-count indictment, which was unsealed today, accused all of the defendants with conspiracy to commit wire fraud and bank fraud. Some of those named were also charged with aggravated identity theft, unauthorised access to protected computers and money laundering.
Phishing is a form of social engineering where attackers send emails made to look like legitimate correspondence from reputable institutions such as banks. Victims are directed to websites that look authentic but are actually fakes. Once there, they are asked to enter information that can later be used to break into accounts or to commit identity theft.
According to the indictment, hackers in Egypt used phishing techniques to obtain bank account numbers and related personal data from thousands of bank customers in the US. The information was then used to break into customer accounts at two US banks, Bank of America and Wells Fargo.