Three men jailed over £3m phishing scheme

Three men have been jailed for luring British and Irish bank customers into a phishing scam that police believe netted more than £3m for a criminal gang.

Vincent Alonge, Babatunde Fafore and Ayodeji John Kareem received sentences at Snaresbrook Crown Court on Monday for masterminding and carrying out the phishing operation, after pleading guilty to conspiracy to defraud and other charges.

"It's the first prosecution in the UK of a very detailed, organised phishing operation," Charlie McMurdie, the head of the Metropolitan Police's Central eCrime Unit (PCeU), told ZDNet UK. "It was an end-to-end job."

Normally in the black internet economy, criminals specialise in a certain part of an operation. For example, they may focus on the harvesting of sensitive details, which they then sell on to other criminals, rather than using the data to directly commit fraud. However, Kareem, Fafore and Alonge were involved in an operation that included all stages of a fraud.

They were part of a criminal network that systematically harvested online bank account details, credit and debit card numbers, and other data. The gang sent out email spam to lure bank customers to fake bank websites, where the victims were tricked into handing over their personal information.

The gang then used this information to carry out financial fraud, such as unauthorised bank transfers and credit card transactions. Around 10,000 credit cards and 900 bank accounts were compromised, according to McMurdie.

It's the first prosecution in the UK of a very detailed, organised phishing operation.

– Charlie McMurdie

"This was a sophisticated, concerted attack on UK and international banking systems," she said.

The three men successfully used over 1,400 compromised credit cards to steal money, and the police have traced over £570,000 in provable losses, the PCeU said in a statement on Monday. However, the PCeU estimates that total losses from the stolen credit cards add up to more than £3.1m.

The trial followed the arrest in August of six people in the UK and Ireland, as part of raids arising from Operation Dynamophone. The PCeU worked with the Irish Garda Síochána Fraud Investigation Bureau on the investigation. The other three people detained were released.

Police traced the three scammers through their bogus emails and websites, according to Crown Prosecution Service reviewing lawyer David Levy.

"These men profited enormously by taking advantage of the trust that many of us would place in an internet service that appeared genuine, but their enjoyment of their ill-gotten gains was short-lived," Levy said in the PCeU statement. "The bogus emails and websites that led victims into the scam also led the authorities to the scammers."

Kareem pleaded guilty on 12 May at Southwark Crown Court to one count of conspiracy to defraud, and one count of conspiracy to acquire and use criminal property. He was given one prison sentence of five years, five months, and another of three-and-a-half years, to run concurrently.

Farfore received concurrent prison terms of five years, seven months and four years, after pleading guilty to the same crimes as Kareem on 20 April at Southwark Crown Court.

Alonge pleaded guilty to having "articles for use in fraud", and was sentenced to two years in prison. Alonge received a concurrent sentence of six months for having false identity papers.