Four teenagers have been arrested for helping a global phishing gang steal millions of dollars from online bank accounts.

The four, aged between 16 and 17 and all from Australia, are alleged to have allowed their own bank accounts to be used as "mules" to which the phishers could transfer money after it had been stolen. The money was then handed over to the gang via banks accounts located in Russia, presumably minus a token commission.

Instead of tricking users into revealing password and username details via conventional social engineering, the gang is accused of using bogus adverts and emails to lure users to click on links which then installed a keylogging Trojan on those systems.

This would have allowed the gang to record sign-on information when users visited legitimate banking sites. Accounts were emptied using the mule accounts as an apparently legitimate staging post, with victims unaware anything untoward was taking place.

The case will be closely studied by experts as it has a number of elements that demonstrate the rapid rate at which phishing is evolving in sophistication.

This technique is the new fashion in phishing and is much harder to defend against than traditional information theft scamming. Anyone using an infected PC can fall victim.

"In the last year phishing has been turned on its head," said security expert Graham Cluley of anti-virus firm Sophos, referring to the way scammers were now moving to Trojan-based attacks. "Every single day we see new Trojans designed to perform key-logging."

As one area of online security was tightened, phishers were likely to move to new forms of attack such as Trojans and, further in the future, "man-in-the-middle" session attacks, he said.

Criminals would always exploit take the path of least resistance when looking to exploit security weaknesses, and Trojans were now becoming the most reliable means of successful attack.

According to New South Wales police reports, nine members of the phishing gang have been arrested, with a significant number of other arrests being imminent, demonstrating the organised nature of the operation. One of those accused of being a gang ringleader has admitted charges and is due for sentencing on 12 January.

The official amount taken currently stands at $600,000 Australian dollars, but a Police spokesman was quoted in the Australian media as saying the true sum probably ran into the millions and might never be known.


Find your next job with techworld jobs