Jailed Apple phishing duo also imported pickpockets and cloned credit cards

Filed Under: Apple, Data loss, Featured, Law & order, Phishing

Constanta Agrigoroaie and Radu Savoae. Images courtesy of Metropolitan Police.How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

Naturally, those accounts weren't compromised before the messages came, but they sure were compromised in short order after the crooks coerced people into sending account details to a bogus website.

London's Metropolitan Police said in a release that the duo sent emails claiming to be from Apple.

The emails directed victims to update details for the purportedly compromised accounts by clicking on a link to a bogus website.

When the unsuspecting victims complied, sending data that included bank details, an email was sent directly to the defendants.

They used the details to siphon off money. Then, they turned around and used that money to buy tickets for more foreign national criminals - in effect, importing people to commit crime in the UK.

Pickpocketing on London's transport network was a popular activity for the newly imported thieves to undertake, according to the Met Police, as was stealing metal.

The convicted pair are Constanta Agrigoroaie, 23, and Radu Savoae, 28, of Mornington Avenue, Ilford.

When police arrived at the couple's address on 4 April, they said that they found Agrigoroaie sitting in front of a computer, checking out websites belonging to east European airlines.

She also had a script open, showing what police said was a vast amount of personal details, including bank card details with the full 16-digit number, expiry date and CVV number, as well as victims' home addresses.

Police later arrested Savoae when he arrived at the house.

When they searched the place, police found a number of laptops, iPads, printers and USBs, a "vast" quantity of blank credit cards, an embossing machine, a hot foil tipping machine, and a magnetic card reader used to manufacture cloned credit cards.

Image of phishing courtesy of ShutterstockInvestigators also found fake Spanish and Romanian ID cards and a load of cash.

Forensics work uncovered more than 150 credit card numbers and personal details of unknown people from around the globe.

Investigators discovered a spreadsheet on the seized computer that showed a number of fraudulent transactions for vehicle insurance, flight bookings and other purchases for people the police identified as thieves involved in pick-pocketing and theft-of-metal offenses.

The two phishers were sentenced at Snaresbrook Crown Court on Thursday after pleading guilty to conspiracy to commit fraud, six counts of possession of fraudulent ID cards and possessing equipment to make fraudulent ID and bank cards.

They're looking at a combined total of 14 years behind bars for having weaseled £15,000 ($25,630) out of their targets: Agrigoroaie was sentenced to six years and Savoae was sentenced to eight.

Chief Superintendent Matt Bell, Roads and Transport Policing Command said in the release that putting the two behind bars should keep others from falling prey to what sounds like a pretty convincing scam:

This 'phishing' duo took advantage of many internet users and duped them into providing their personal information. However as a result of a tireless investigation by the RTPC, they have been jailed which has no doubt prevented numerous bank customers from becoming victims of this crime.

Here's a perfect example of why we should never send account details via email or be too knee-jerkish when it comes to clicking on links, even if the sender looks perfectly legitimate and sends an official-looking request - particularly when that request urgently tells us to hand over the keys to the kingdom.

It's not just the victims' fault, though. Not all legitimate businesses have wised up to the fact that they shouldn't include quick-and-easy links to login pages.

As Naked Security's Paul Ducklin pointed out recently, after the Heartbleed data leakage revelations, lots of websites got nervous about the prospect of leaked passwords.

Unfortunately, a lot of those jittery sites just couldn't resist sending reset links to customers.

It would be nice to think we're all too savvy to fall for scams like the newly arrested Fagins, but alas! It isn't so.

In fact, an in-house awareness test run late last year managed to persuade 1,850 of the Canadian Justice Department's 5,000 staff to click on scammy links - a fail rate that approaches 40%.

Hopefully, a recent article we wrote should both help businesses to avoid crafting phishy sounding emails and recipients to sniff out the difference between phish and real: Phish or legit - Can you tell the difference?

Images of Constanta Agrigoroaie and Radu Savoae courtesy of Metropolitan Police. Image of phishing courtesy of Shutterstock.

, , , ,

You might like

5 Responses to Jailed Apple phishing duo also imported pickpockets and cloned credit cards

  1. This sounds suspiciously like some of the phishing I've been a target of, lately. I'd had my bank details stolen once (rookie mistake, can't believe I fell for it)....then earlier this year getting loads of phishing emails purporting to be from Apple. When I was getting about 10 a week & it was starting to get on my nerves deleting them all, I forwarded them all to Apple.

    The email address that the phishing emails came from changed a few times, sometimes as subtle as an extra "p" in Apple. Sophisticated looking to start with, by the end they didn't even try spelling properly or anything.

    I think it was the poor use of English that made me flip my lid in the end...anyway, no more since then!

  2. Anonymous · 93 days ago

    Seen a few of these messages and they did look genuine.
    Probably the best I'd seen so far.

  3. Anonymous · 93 days ago

    at this point it's coming down to having to either email or call the company directly and find out whether or not the email is a fake. What you can also do is check the email address it was sent from, if it doesn't look legit, it often isn't.

    As proof of my claim, I received an email from "Revenue Agency of Canada" from this email address "[redacted]happy.comjkj6wbwutv#HOTMAIL@x98.email.[redacted]happy.com"
    Looks pretty fake doesn't it. Keep these things in mind and if you're really not sure, contact the company directly before making quick decisions.

  4. It astounds me that genuine businesses will still send out reset links. It shows serious security ignorance. If they do know that the emails look phishy but send them anyway than thats showing total disregard for their customers.

  5. Elaine · 92 days ago

    If these people were arrested back in April then others must have taken up on their criminal campaign because I received an email from Apple just yesterday requesting my bank details so that they could make a refund! Thankfully I didn't give any details but I did report the email.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.