Security Experts:

California Woman Gets 5 Years in Prison for Role in Phishing Scheme

A California woman was sentenced Monday to five years in federal prison for her role in an international phishing operation that tried to defraud banks of more than $1 million.

Nichole Michelle Merzi, 26, of Oceanside, was sentenced following a six-week trial in 2011 that ended with her being convicted of bank and wire fraud conspiracy, aggravated identity theft, computer fraud conspiracy and money laundering conspiracy charges.

FBI Tracking CybercrimeAccording to authorities, Merzi and her then-boyfriend Kenneth Joseph Lucas II were involved in a scheme uncovered by Operation Phish Phry, a multinational investigation conducted in the United States and Egypt that led to charges against 100 people. As a result of the operation, 47 people have been convicted in federal court in Los Angeles. Last year, Lucas was sentenced to a total of 13 years after being convicted in two federal cases – one involving the phishing scheme, and the other a marijuana growing operation.

The cyber-gang’s operation used traditional phishing tactics, spamming out emails that appeared to be official correspondence from banks or credit card companies that directed recipients to malicious sites. Once there, the customers would be prompted to enter their account numbers, passwords and other sensitive information, according to the FBI. Using the stolen data, the gang hacked into accounts at two banks, and then individuals in Egypt coordinated the transfer of the stolen funds to other accounts.

The U.S. arm of the operation was overseen by Lucas, who directed other participants to recruit “drops” to set up and use bank accounts where stolen funds could be held. A portion of the stolen money was transferred through wire services to the Egyptian co-conspirators.

“The harm done by [Merzi]’s activities is undisputed,” according to the government’s sentencing memo. “Although BOA [Bank of America] and Wells Fargo reimbursed the individual victims whose accounts were compromised, it is undeniable that the scheme affected a large number of victims,” given that the illegal phishing transfers “occurred in amounts around $1,000 at a time.”

Merzi has been in custody since her conviction in March of 2011.

Subscribe to the SecurityWeek Email Briefing
view counter