Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Phishing

California Woman Gets 5 Years in Prison for Role in Phishing Scheme

A California woman was sentenced Monday to five years in federal prison for her role in an international phishing operation that tried to defraud banks of more than $1 million.

Nichole Michelle Merzi, 26, of Oceanside, was sentenced following a six-week trial in 2011 that ended with her being convicted of bank and wire fraud conspiracy, aggravated identity theft, computer fraud conspiracy and money laundering conspiracy charges.

A California woman was sentenced Monday to five years in federal prison for her role in an international phishing operation that tried to defraud banks of more than $1 million.

Nichole Michelle Merzi, 26, of Oceanside, was sentenced following a six-week trial in 2011 that ended with her being convicted of bank and wire fraud conspiracy, aggravated identity theft, computer fraud conspiracy and money laundering conspiracy charges.

FBI Tracking CybercrimeAccording to authorities, Merzi and her then-boyfriend Kenneth Joseph Lucas II were involved in a scheme uncovered by Operation Phish Phry, a multinational investigation conducted in the United States and Egypt that led to charges against 100 people. As a result of the operation, 47 people have been convicted in federal court in Los Angeles. Last year, Lucas was sentenced to a total of 13 years after being convicted in two federal cases – one involving the phishing scheme, and the other a marijuana growing operation.

The cyber-gang’s operation used traditional phishing tactics, spamming out emails that appeared to be official correspondence from banks or credit card companies that directed recipients to malicious sites. Once there, the customers would be prompted to enter their account numbers, passwords and other sensitive information, according to the FBI. Using the stolen data, the gang hacked into accounts at two banks, and then individuals in Egypt coordinated the transfer of the stolen funds to other accounts.

The U.S. arm of the operation was overseen by Lucas, who directed other participants to recruit “drops” to set up and use bank accounts where stolen funds could be held. A portion of the stolen money was transferred through wire services to the Egyptian co-conspirators.

“The harm done by [Merzi]’s activities is undisputed,” according to the government’s sentencing memo. “Although BOA [Bank of America] and Wells Fargo reimbursed the individual victims whose accounts were compromised, it is undeniable that the scheme affected a large number of victims,” given that the illegal phishing transfers “occurred in amounts around $1,000 at a time.”

Merzi has been in custody since her conviction in March of 2011.

Written By

Click to comment

Expert Insights

Related Content

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cyberwarfare

The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Phishing

The Single Most Important Part of Dealing with a Phishing Attack is Preparing for the Attack Before it Actually Happens.

Phishing

The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even...