Potential victims were contacted via email (phishing) or via SMS (smishing) and were directed to a bogus site that was made to look like a legitimate online bank. The SMS, for instance, read the following:
"We’re confirming that you’ve signed up for our service. You will be charged $2 per day unless you cancel your order on this URL: "
The gang sent more than 1.3 million spam emails in just one phishing attack, stated a US Department of Justice representative.
The gang would collect the banking credentials introduced by the victims and forward to other US-based members that could use them to cash in. According to the police, more than half of the suspects are Romanian. The gang also included people from the USA, Vietnam, Cambodia and Pakistan
"The authorities in the USA and Romania should be applauded for their investigation, which hopefully will result in the dismantling of a major cybercrime ring," said Graham Cluley, senior technology consultant for Sophos. "Meanwhile, this story carries an important message to consumers and businesses alike to have a proper defense in place against phishing attacks, and to never let your guard down when it comes to protecting yourself against internet criminals."