Arrests made by PCeU after phishing campaign investigation

News by Dan Raywood

The Metropolitan Police Service's (MPS) Police Central e-Crime Unit (PCeU) have arrested six people following an investigation into a phishing scam.

The Metropolitan Police Service's (MPS) Police Central e-Crime Unit (PCeU) have arrested six people following an investigation into a phishing scam.

The suspects, four men and two women, have been arrested on suspicion of conspiracy to defraud, as well as for Computer Misuse Act and money laundering offences, and are being held at police stations in central London, Manchester and Bolton.

The arrest follows an investigation into a sophisticated phishing scam that targeted hundreds of UK students, stealing in excess of £1m. Students with government loans were sent emails inviting them to update their details via a link to a bogus website.

Access was gained to their bank accounts and large amounts of money was stolen, ranging from £1,000 to £5,000 at a time.

Detective Inspector Mark Raymond from the PCeU, said: “We have today disrupted a suspected organised group of cyber criminals and prevented further loss to individuals and institutions in the UK. Today's arrests demonstrate what can be achieved when a partnership approach is adopted to investigate internet-based crime.”

The PCeU encouraged all members of the public to use extreme caution when clicking on links or files in unsolicited emails, and said the safest way to deal with online banking is to log into the site directly via the browser's address bar, and ensure that a secure connection is achieved on any page requesting personal details.

Also, according to the Register, four Romanian nationals have charged with stealing millions of dollars by hacking into the credit card processing systems of more than 200 businesses.

The men remotely accessed point-of-sale systems of 150 Subway sandwich shops and 50 unnamed retailers and stole credit card data of more than 80,000 customers, according to a federal indictment unsealed earlier this week.

The men are alleged to have scanned the internet to identify point-of-sale terminals that used certain remote desktop software applications, and then gained unauthorised access to them by guessing or 'brute forcing' passwords.

The men were named as Adrian-Tiberiu Oprea, Iulian Dolan, Cezar Iulian Butu, and Florin Radu. They were each charged with four counts, including conspiracy to commit computer fraud.

Andrew Mason, technical director and co-founder of RandomStorm, said: “We cannot stress strongly enough that organisations should never reuse default or commonly used passwords on servers and remote access applications.

“We see this as a massive issue on the vulnerability scans that we carry out for merchants, where we can enumerate weak passwords that are then reused for domain access logins or enterprise application access, enabling access to confidential information.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews