NEW HAVEN, Conn Two Romanian nationals who drained tens of thousands from bank and credit union accounts with a sophisticated phishing fraud were sentenced to federal prison terms this afternoon.
The two men, Bogdan Boceanu, 30, and Andrei Bolovan, 29, headed a Romania-based scheme using fraud to obtain personal information from U.S. accountholders, then tapped into the accounts, usually by withdrawing cash at ATMs.
The seven-year investigation has resulted in criminal charges against 19 Romanian citizens. On January 18, 2007, a grand jury in New Haven returned an indictment charging seven defendants with various offenses stemming from this scheme. On November 10, 2010, a grand jury returned a second superseding indictment charging an additional 12 defendants, including Boceanu and Bolovan. The first three defendants to face charges were extradited from Bulgaria, Croatia and Canada. Boceanu, Bolovan and six other defendants were extradited from Romania following the ratification in 2010 of an amended treaty on mutual legal assistance between Romania and the U.S.
Typically the phishers contacted the account holders by email or text purporting to be from their bank or credit union and asked them for personal identifying information like account numbers, passwords or Social Security numbers.
Boceanu was sentenced to 80 months behind bars and Bolovan to 27 months.
The two men were part of a loose-knit conspiracy of individuals from Craiova, Romania, and neighboring areas that shared files, tools, and stolen information obtained through phishing, according to authorities. The conspirators used and shared a number of collector accounts, which contained thousands of email messages that contained credit or debit card numbers, expiration dates, CVV codes, PIN numbers, and other personal identification information such as names, addresses, telephone numbers, dates of birth, and Social Security numbers. Then they used the personal and financial information to access bank accounts and lines of credit and to withdraw funds without authorization, often from ATMs in Romania.
More than 12,000 credit or debit card numbers were found in Boceanu’s email accounts between 2004 and 2009. Boceanu also purchased a machine used to encode stolen account information on magnetic strips on credit and debit cards.
