Security news
Security news16 July 2007
The Italian Job: 26 arrested for Poste Italiane phishing attack Operation "Phish & Chip" nets international gang alleged to have targeted home bankers
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed the news that members of an alleged international phishing gang have been arrested following an investigation by Italian police.
The Guardia di Finanza have apprehended 18 Italian citizens and 8 foreign nationals from Eastern Europe in an operation dubbed "Phish & Chip", following a widespread phishing campaign that targeted internet users of Poste Italiane's home-banking services. Poste Italiane is the government-owned postal service which offers financial services across Italy.
The gang are alleged to have spammed out emails, directing users to a bogus Poste Italiane website that stole their login information.
According to a police statement, a 22-year-old man was the main hacker in the group, and confessed to sending emails that pretended to come from Poste Italiane, directing internet users to web servers based overseas that had cloned the appearance of the real banking website. Once login information had been seized, he is alleged to have emptied the innocent users' bank accounts and transferred the money to PostePay cards activated by members of the gang.
The man police alleged to be the ringleader of the gang is said to have made an escape attempt lasting 12 hours before eventually being arrested by the Military Financial Police. The man declared to the authorities that he was a data processing consultant who helped Italian companies prevent credit card fraud.
Laptop computers, data backup devices, false documents, mobile phones, and materials for creating credit cards have been seized by the authorities at the locations they searched across Italy. Numerous credit cards belonging to the Banca Intesa were also confiscated, some of which are said to have been used by the gang the day before at the Casino of San Remo.
"The Italian authorities should be applauded for cracking down on illegal activity like this. Internet criminals can use technology to hide their identities, and it can often be a complex web for the police to untangle," said Graham Cluley, senior technology consultant for Sophos. "Phishing and identity theft are global problems, and countries need to work more closely with each other to bring cybercriminals to justice. These arrests underline the growing organized nature of international identity theft gangs, but there are many other phishers still at large."
Sophos experts encourage all computer users to learn how to reduce the risk of being hit by a phishing attack.
"All computer users should exercise caution over the emails they open, which websites they visit, and who they give their confidential information to as they may find they are falling into a hacker's trap," continued Cluley.
- Best practice advice from Sophos about safe computing
- Paul Ducklin discusses phishing in Sophos podcast: "Phishing - who is to blame?"
- Find out more about how to protect your computer against online threats at www.getsafeonline.org
Earlier this month, Sophos reported how more than 10,000 web pages based in Italy had been attacked by hackers attempting to infect innocent people's computers for the purposes of identity theft.
Sophos recommends companies protect their desktops, servers and gateways with a consolidated solution to thwart the threats of viruses, spyware, hacking, phishing and spam.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
