Romanian Hackers Extradited to U.S. over $18M Vishing Scam

The two have been arraigned in a Georgia district court on charges relating to an elaborate voice- and SMS-phishing (i.e., vishing/smishing) scheme.

A pair of Romanian hackers have been extradited to the U.S. after allegedly bilking unwitting victims out of more than $18 million in an elaborate voice- and SMS-phishing (i.e., vishing/smishing) scheme.

Teodor Laurentiu Costea and Robert Codrut Dumitrescu were named in the 31-count federal grand jury indictment on August 16 last year; they were arraigned last week in the Northern District of Georgia following their extradition. Another co-defendant, Cosmin Draghici, is in custody in Romania awaiting his own extradition to the U.S. They face federal charges of wire fraud conspiracy, wire fraud, computer fraud and abuse, and aggravated identity theft.

“While in Romania, the defendants allegedly targeted victims throughout the U.S., including in the Northern District of Georgia, stealing personal information and possibly causing millions of dollars in losses,” said U. S. Attorney Byung J. “BJay” Pak. “These extraditions send a strong warning to cybercriminals and fraudsters worldwide, that we, along with our law-enforcement partners, will work tirelessly to bring you to justice.”

Pak said that from October 2011 until February 2014, Costea and Dumitrescu lived in Ploiesti, Romania but allegedly spent their time compromising vulnerable computers in the U.S. from which they mounted an automated vishing and smishing scam. The court documents allege that they installed interactive voice response software on victim computers in the Atlanta area to initiate thousands of automated telephone calls and text messages to victims across country. Those messages purported to be from a financial institution and directed victims to call a telephone number due to a supposed problem with their respective financial account.

When victims called the telephone number, they were prompted by the IVR software to enter their bank account numbers, PINs, and full or partial Social Security numbers. The stolen account numbers were stored on the compromised computers and then accessed by Costea and Dumitrescu, who then allegedly sold or used the fraudulently obtained information with the assistance of Draghici.

At the time of his arrest in Romania, Costea possessed 36,051 fraudulently obtained financial account numbers, the court documents alleged.

“Our message to the victims of cyber-fraud is that the FBI won’t let geographic boundaries stop us from pursuing and prosecuting the persons who cause them tremendous financial pain,” said David LeValley, special agent in charge of FBI Atlanta. “Our message to the perpetrators of these crimes is that cybercriminals cannot hide in the shadows of the internet. We will identify them and bring them to justice.”

Suggested articles

Discussion

  • Andy on

    Stop calling it "vishing". There is no such thing as vishing. Telephone scams existed long before phishing, the internet, or this website ever did. Promoting stupid buzzwords to push headlines is just making harder for common people to understand security.
    • Anonymous on

      Yeah. It's social engineering.. get it right.
  • TheBeaver on

    Vishing, smishing, gtfo. Making up words is not winning. Or maybe it is, and next time you can use words like mishing, tishing, and bishing.
  • Cannuck on

    The real scam is the creation of money out of thin air by central banks and retail lending banks through our fractional reserve banking system. The money has found its way into assets, not consumables and therefore doesn't register as "inflation". Folks, they don't have the money in the safe at the back (or anywhere else). They simply create it and then charge you interest on it when you borrow it.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.