Sophos : Phisher pleads Guilty to stealing USD 700.000
October 2008 by Sophos
IT security and control firm Sophos has welcomed news that a 22-year-old Romanian has pleaded guilty to stealing approximately USD 700,000 from over 7,000 people after spamming out phishing emails claiming to come from financial institutions including PayPal and Citibank. He now faces up to ten years in jail and a USD 500,000 fine.
Sergiu Daniel Popa was extradited to the USA from Spain in June this year. According to reports he lead victims to bogus websites and then tricked them into revealing their PIN codes, names, addresses, bank account and credit card numbers, and social security information - all of which could then be used for financial gain.
"The authorities have done a great job in pursuing this case and forcing Popa to face his day in court," said Graham Cluley, senior technology consultant at Sophos. "Sadly though, there are still plenty of other criminals taking advantage of innocent internet users and stealing identities from the unwary."
According to reports, Popa was also offering phishing kits for sale with instructions on how to counterfeit credit cards. Sophos experts note that he seemed to have a high opinion of his position in the criminal underworld as evidenced by this email he wrote to an associate in January 2005:
“Listen up, I am a accredited [sic] vendor in underworld. I have many scams, shop admins, and many full info credit cards. I can also pull up credit reports and cash out ATMs. I charge for my services but I am a great provider of everything.”
Sophos recommends that all computer users ensure they are fully defending against attacks, including spam, phishing and malware, and that they exercise caution when responding to or clicking on links in emails that ask for financial or personal information.