Feeds

£6.5m phishing duo jailed

Sprats

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

An American who masterminded the UK part of a multi-million pound ID theft scam was yesterday jailed for six years. Douglas Havard, 24, was sentenced on Monday at Leeds Crown Court after pleading guilty to conspiracy to defraud and conspiracy to launder money. His accomplice, Lee Elwood, 25, of Glasgow, was jailed for four years after pleading guilty to the same offences in June 2004.

The court heard the duo were integral to a phishing scam that netted an estimated £6.5m. The duo operated the UK end of an international operation that tricked consumers into handing over their banking credentials to bogus websites. The pair used credit cards obtained under false names, money raided from compromised bank accounts and the illicit purchase and sale of goods online to finance a lavish lifestyle.

Their criminality was exposed during a National Hi-Tech Crime Unit (NHTCU) investigation into eastern European phishing fraudsters. Police reckon Havard and Elwood stole over £750,000 during the 10-month period of the investigation but estimate they could have raked in as much as £6.5m over two years.

Havard confessed to receiving data dumps of compromised account details from criminal associates in Russia. This information was used to pay for goods online, sold in auctions by criminal affiliates in the UK. Havard and Elwood and their UK allies would take a cut before forwarding the balance back to Russia. Police found forged travellers' cheques, financial documents relating to 10 bank compromised bank accounts and cash when they raided Havard's flat. Intelligence recovered led to a raid on Elwood's home where police recovered forged documentation and bank documents as well as a cache of credit card counterfeiting equipment.

Police said Havard and Elwood were active on illegal "carding websites" such as carderplanet and shadowcrew, The Scotsman reports. The paper adds that Havard faces charges counterfeiting and armed robbery in Texas. ®

Related stories

Four charged in landmark UK phishing case
UK banks launch anti-phishing website
DIY phishing kits hit the Net
UK police issue 'vicious' Trojan alert
UK police arrest 12 phishing mule suspects
eCrime cost UK.biz £2.4bn in 2004
US Secret Service busts 28 ID fraudsters

Internet Security Threat Report 2014

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.