Thirty-eight people were charged Monday with stealing names, Social Security identification numbers, credit card data and other personal information from unsuspecting Internet users as part of a global crime ring.
The Romanian-based scams sought to rip off thousands of American consumers and hundreds of financial institutions, according to indictments unsealed in Los Angeles, California, and New Haven, Conn.
More than half the people charged are Romanian, although the alleged scam also operated from the United States, Canada, Portugal and Pakistan. The cases were linked by two Romanians who participated in both schemes, authorities said.
The two cases marked the latest example of what the Justice Department describes as a growing worldwide threat posed by organized crime.
"International organized crime poses a serious threat not only to the United States and Romania but to all nations," Deputy Attorney General Mark R. Filip said in a statement from Bucharest, where he announced the charges. "Criminals who exploit the power and convenience of the Internet do not recognize national borders; therefore our efforts to prevent their attacks cannot end at our borders either."
The practice, known as phishing, typically involves sending fraudulent e-mails that include links directing recipients to fake Web sites where they are asked to provide sensitive data. Phishers also may include attachments that, when clicked, secretly install "spyware" that can capture personal information and send it to third parties over the Internet.
In Los Angeles, 33 people faced 65 counts on a bevy of charges, including racketeering, bank fraud and identity theft. Prosecutors say scam artists based in Romania snagged information about thousands of credit and debit card accounts and other personal data from people who answered spam e-mail. The data then were sent to the United States and encoded on magnetic cards that could be used to withdraw money from bank accounts.
One encoder in the scam, identified only as Seuong Wook Lee, pleaded guilty last week in federal court in Los Angeles to racketeering conspiracy, bank fraud, access device fraud and unauthorized access of a protected computer.
Meanwhile, in Connecticut, seven Romanians allegedly spammed consumers with directions to visit a hacked-in Web site posing as at least a half-dozen legitimate bank sites, including Citibank, Wells Fargo and PayPal. The seven Romanians, two of whom also were alleged to have been involved in the Los Angeles scheme, were indicted in January on charges that were unsealed only last week. One of them, Ovidiu-Ionut Nicola-Roman, was arrested in Bulgaria last summer and extradited to the United States in November.