Police in the US and Romania have charged 38 members of a suspected phishing gang.

The group reportedly organised the theft of online banking credentials using both email and text message lures. One phase of the attack involved the distribution of 1.3m fraudulent text messages that posed as communiques from a prospective mark's bank, according to the US Department of Justice.

Data entered by unwary users into a fraudulent website was used to create counterfeit bank cards, which were then used to siphon money from compromised accounts. A percentage of the proceeds were allegedly sent onto Romania while the rest was kept by their US accomplices. Fraudulent transactions were made in Canada, Pakistan, Portugal and Romania.

Customers of financial institutions including Citibank, Capital One, JPMorgan Chase, Comerica Bank, Wells Fargo, eBay and PayPal were targeted by the attack. A complaint over a fraudulent email ostensibly from Connecticut-based People’s Bank prompted an investigation that dismantled the alleged cybercrime ring. It's unclear how much the gang made through the scam.

More than half of those charged are Romanian, while the others are US residents originally from South East Asia. Most of the suspects have been arrested in a series of raids over the last few months while some of the Romanian suspects remain unidentified.

Seuong Wook Lee, a cashier operating at the US end of the scam, pleaded guilty to racketeering, conspiracy, bank fraud, access device fraud and computer hacking offences on 15 May, at a hearing in the US District Court in Los Angeles.

More in a DoJ statement here. ®

Related stories

• Security shocker: 75% of US bank websites have flaws (25 July 2008)
• Romanian phisher confesses to scam targeting financial giants (23 July 2008)
• Romanian cops cuff 24 cybercrime suspects (17 July 2008)
• PayPal ambushes users with mystery Skype charges (13 June 2008)
• Whaling fraudsters harpoon 15,000 victims (10 June 2008)
• French court fines eBay for sale of counterfeit handbags (5 June 2008)
• French police bust 22 youths in alleged hacking network (29 May 2008)
• Dutch arrest 14 mules in ABN AMRO scam (20 December 2007)
• Germany nets ten phishing suspects (14 September 2007)
• Argentina extradites Spanish hacker (11 April 2006)
• Police collar AOL phishing suspect (27 January 2006)
• UK launches major net security awareness campaign (27 October 2005)
• Arrests 'unlikely' to impact botnet threat (13 October 2005)
• £6.5m phishing duo jailed (28 June 2005)
• UK banks hope to send phishing mules packing (24 May 2005)