Police Arrest Six Over £1m Phishing Scam

The Metropolitan Police Central e-Crime Unit (PCEU) has arrested six people as part of a crackdown on a phishing scam that reaped £1 million from students’ bank accounts.

The scam targeted students participating in government loan schemes, police said. The students received an email asking them to update their account details and directing them to a convincing-looking, fake website.

A degree of profitability

The fraudsters used the bank information to make withdrawals of £1,000 to £5,000 at a time, police said.

“A great deal of personal information was compromised and cleverly exploited for substantial profits,” said detective inspector Mark Raymond of the PCEU, in a statement. “We have today disrupted a suspected organised group of cybercriminals and prevented further loss to individuals and institutions in the UK. Today’s arrests demonstrate what can be achieved when a partnership approach is adopted to investigate Internet-based crime.”

The PCEU said they have been investigating the scam in co-operation with the Student Loan Company, the banking industry and Internet service providers starting from a tip-off in August.

On Thursday, the police arrested a 38 year old man in Bolton; a 26 year old man and a 25 year old woman in Manchester; a 25 year old man in Deptford, London; and a 49 year old woman and a 31 year old man in Stratford, London. Police also seized computers and equipment from premises in London, Manchester and Bolton.

The suspects are being held at police stations in central London, Manchester and Bolton on charges of conspiracy to defraud, money laundering, and offences under the Computer Misuse Act, police said.

Last month a study found that malware incidents had risen by 89 percent in the last three months, while phishing saw a drop of eight percent over the period.

Phishing fight

Facebook, Google and Microsoft are some of the global palyers who have fought back hard against cyber-thugs this quarter.

After the .tk top-level domain showed a 600 percent rise in phishing, Facebook joined the .tk registry, IID (Internet Identity), and the Anti-Phishing Alliance of China (APAC) to secure the top-level domain and reduce phishing from that domain by 40 percent. Google de-indexed the entire second-level domain co.cc, a hive of fraudulent activity, blocking 11 million co.cc websites from appearing in its search engine results, while Microsoft took down the Kelihos botnet, a network of 41,000 private computers infected with malicious software capable of sending billions of spam emails per day.

Traditional phishing attacks occur when online fraudsters try to access personal data such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an online exchange, while malware is malicious software installed on a computer, which enables cybercriminals to access and use that computer for criminal purposes.