Out-Law News 4 min. read

Phishing attackers and their mules sent to prison

Three men who sent thousands of emails purporting to come from eBay, and four others who acted as so-called money mules, were sent to prison by Preston Crown Court yesterday, marking the first convictions for a UK-run phishing operation.

Daniel Levi, his brother Guy Levi, and their computer-savvy accomplice Daniel Lett, pleaded guilty to charges of conspiracy to defraud and conspiracy to money launder. The total sum detailed in the charges was £197,909.47; but Lancashire Constabulary's DC Gordon Beattie, who headed an eighteen-month police investigation, Operation Apple, suspects the actual sum involved was close to half a million pounds.

The victims' addresses were collected by Lett using Atomic Harvester, described as "the most powerful email collection software on the net." It trawls the internet and returns thousands of addresses every hour.

The attackers used Desktop Server 2000 to make the emails look like they came from [email protected]. The emails also displayed eBay's branding and told recipients that the company was updating its records, inviting them to click on a link. In a classic phishing scam, around 2,000 usernames and passwords and sometimes bank account details were supplied after they followed the link to a login page, unaware that it was hosted on Lett's computer.

With stolen usernames and passwords, the three hijacked the user accounts of eBay sellers who had positive feedback ratings on the auction site. First they changed the passwords, to lock out the real sellers. Then they exploited their strong reputations and offered Sony Vaio laptops and Rolex watches at bargain prices.

Buyers were contacted by email and persuaded to use CHAPS, the UK system of same-day electronic transfer, on the promise of an even greater discount, instead of completing transactions on eBay. They made transfers to the accounts of the money mules. The laptops, of course, were never dispatched. Around 160 customers paid over money in this way, between July 2003 and July 2004.

There were several money mules, the intermediaries in multiple transfers of sums ranging from £1,500 to £15,000. All of them were known to one or both Levi brothers, who spun stories to the mules to avoid revealing the full nature of their crimes.

The mules were told that David Levi was expecting a money transfer, but that he wanted to avoid anticipated charges from his own bank – so he wanted to piggyback on the accounts of others. The mules only held the sums for a day or so before they would be withdrawn and handed to the Levis in exchange for a small commission.

Some of the mules were not charged for lack of proof. To be guilty of money laundering under the Proceeds of Crime Act of 2002, someone has to know or suspect that money represents the proceeds of crime. It was admitted in evidence that four men – Derek Anderson, Craig Jameson, Chris Worden and Gareth Rice – knew or suspected this to be the case. They pleaded guilty and each received a sentence of six months in prison.

The Levi brothers also used credit card information stolen in their phishing attack to make fraudulent purchases. Dabs.com lost around £15,000, dealing with a customer they knew as “Julian Roberts” – an admitted alias of David Levi. Initially Levi had very briefly rented cheap flats in order to take delivery of his purchases but eventually he became so arrogant that he allowed his own home address to be used; but Guy Levi took delivery, posing as his brother, so that David could deny all knowledge of the orders. The ruse failed when a deliveryman made a positive identification of Guy Levi as “Julian Roberts” at an identity parade, and a British passport in that name was found by police in David’s flat.

Lett's arrest was originally reported in April 2004 when he and the Levi brothers' came to police attention following BT Openworld’s success in identifying premises from which a broadband account was closed, the genuine accountholder never having opened it. It transpired that it had been opened with stolen credit card data and the opening and closing instructions were traced to a flat in St Annes rented by Lett’s girlfriend.

Officers went to this flat in April 2004. DC Beattie told OUT-LAW that they arrived civilly, knocking on the door and waiting for an answer, rather than forcing entry. Lett immediately hid his PC beneath a dog kennel in his back yard; but it was quickly found and taken for inspection. BT assisted with the forensic examination of the computer.

Lett and the Levi brothers were arrested and released on bail; but their behaviour did not improve.

In July, BT reported that the attacks had begun again. The officers re-visited them and seized further computer equipment which later confirmed that they had continued to perpetrate the frauds.

Amongst the property seized from the Levi’s addresses was ephemera showing the lavish lifestyle they and some of their accomplices had indulged in during their enterprise. Also impounded were two BMWs bought by David Levi with £39,000 of his criminal gains. Having failed in a court action to recover the vehicles from the police in 2005 Levi then had the gall to send a fax from an internet café to the car pound, purporting to be DC Beattie, and ordering the pound to release the vehicles to Levi. Taking Guy with him, David referred to the fax and they drove the cars away. They were recovered the following week by police officers and David Levi was charged with attempting to pervert the course of justice.

Lett and the money mules owned up immediately, according to DC Beattie. The Levi brothers initially pleaded not guilty but changed their pleas just before trial. There was an added complication with David Levi: on 18th July 2005 he was sentenced at Birmingham Crown Court to four years imprisonment for importing a large quantity of cannabis from Spain that had been secreted in oranges.

Yesterday, David Levi, 29, was sentenced to four years in prison: three years for conspiracy to defraud and conspiracy to money launder to run concurrent with his existing drugs-related sentence and another one year for perverting the course of justice, to run consecutively. Guy Levi, 22, was sentenced to 23 months in prison. Daniel Lett, also 22, was sentenced to two years in prison.

DC Beattie and his assistant, DC Don Fraser, praised the crucial assistance provided by BT in tracing the attackers.

The only other phishing-related convictions to date in the UK involved a US citizen, Douglas Havard, and a British citizen, Lee Elwood. They were sentenced in June to six years and four years respectively for their part in a conspiracy run by Eastern European crime syndicates. Havard and Elwood received credit card details from those running phishing sites overseas and used the details to make online purchases and to create fake cards for emptying money from ATM machines.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.