Romanian phishing scam suspect pleads guilty

Ovidiu-Ionut Nicola-Roman of Romania pleaded guilty to conspiracy to commit fraud in U.S. District Court in Bridgeport, admitting to participating in the scheme.

Authorities accuse the defendants of stealing names, Social Security numbers, credit card data and other information from Internet users. Federal indictments allege the Romania-based phishing scams sought to rip off thousands of consumers and hundreds of financial institutions.

Prosecutors estimate that Nicola-Roman was responsible for more than $400,000 in thefts. He faces a prison term of 46 to 57 months and possible fines and restitution payments when he is sentenced Oct. 10.

His lawyer, Ronald Resetarits, declined to comment after the plea.

Nicola-Roman still faces similar federal charges in California, where most of the defendants were indicted.

The practice known as phishing typically involves sending fraudulent e-mails that include links directing recipients to fake Web sites, where they are asked to input sensitive data. Phishers may also include attachments that, when clicked, secretly install "spyware" that can capture personal information and send it to third parties over the Internet.

More than half the people charged are Romanian, although the alleged scam also operated from the United States, Canada, Portugal and Pakistan. The cases were linked by two Romanians who participated in both schemes, authorities said.

Prosecutors say phishers based in Romania snagged information about thousands of credit and debit card accounts and other personal data from people who answered spam e-mail. The data were then sent to the U.S. and encoded on magnetic cards that could be used to withdraw money from bank accounts.

In Connecticut, seven Romanians allegedly spammed consumers with directions to visit a hacked-in Web site posing as at least a half-dozen legitimate bank sites, including Citibank, Wells Fargo and eBay Inc.-owned PayPal.