Two men have been sentenced to a total of 10 years for their part in a conspiracy to defraud and launder money from the proceeds of phishing scams, says the UK's National Hi-Tech Crime Unit (NHTCU).
US-born Douglas Havard, 24, was sentenced to six years, while UK-born Lee Elwood, 25, from Glasgow was sentenced to four years in gaol.
The NHTCU says the two men ran a UK syndicate which used identities and account details to steal from accounts via ATM machines and to buy and sell goods online. Officers estimate that the pair stole at least £750,000 over a 10-month period, adding that the proceeds of this crime over two years could be as much as £6.5 million.
The pair were also involved in online criminal gangs, Shadowcrew and Carderplanet. After initial contact via the Internet, the suspects exchanged stolen information and counterfeit documents such as credit cards, driver's licences, passports and birth certificates. The pair also enlisted people to sell goods bought with compromised credit cards on online auction sites.
Havard was arrested in Leeds in June and was found to have documents and equipment to manufacture false identities. Police raiding his flat found bank accounts in at least 10 names along with forged Euro and dollar travellers cheques. Overall, about £10,000 in cash was retrieved at various addresses and a further £20,000 was found in bank accounts in various names which were then frozen.
Havard also admitted to receiving data dumps of credit card information and passwords from unnamed Russian individuals who subsequently received a cut of the proceeds via money transfer agencies back to Russia.
NHTCU says Havard is also wanted in the US on two Texas State Warrants for non-appearance at court where he was due to face charges for counterfeiting and for armed robbery.
Elwood was arrested in June 2005. Officers found a large quantity of forged documentation and bank documents, credit card holograms, computers and other equipment at his flat.
Detective Superintendent Mick Deats, deputy head of the NHTCU, says over the past year the unit has seen a sustained increase in the professionalism of cybercriminals and although companies are taking the brunt of their attempts to steal money and data, consumers are also being hit.
"We hope that these sentences deliver a tough message to anybody either thinking about or actually using other people's identities to steal," he says.
The UK government said in May that it was introducing new legislation, under its new Fraud Bill, that will allow the law courts to impose sentences of up to 10 years on perpetrators of phishing attacks.