DOJ Charges Five in Phishing Scheme Targeting U.S. Companies, Linked to Millions in Crypto Theft

DOJ Charges Five in Phishing Scheme Targeting U.S. Companies, Linked to Millions in Crypto Theft

The U.S. Department of Justice (DOJ) has charged five men for allegedly running phishing campaigns against employees of various companies.

According to a recent announcement, these individuals targeted U.S. companies through phishing text messages to steal employee credentials. Akil Davis, who is the Assistant Director in Charge of the FBI’s Los Angeles Field Office, explained that the suspects used this stolen information “as a gateway to steal millions in their cryptocurrency accounts.”

The five men, aged 20 to 25, now face serious charges. A federal grand jury has indicted them on one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft. Some of these alleged co-conspirators have already pleaded not guilty to previous charges.

As reported by Reuters, these individuals are believed to be part of a hacking group called “Scattered Spider.” This group has been linked to attacks on major companies like Caesars Entertainment and MGM Resorts International. They often engage in “data theft for extortion” using various social engineering techniques, as well as deploying ransomware, according to a 2023 FBI advisory.

If convicted, each defendant could face up to 20 years for conspiracy to commit wire fraud, five years for conspiracy, and a mandatory two-year consecutive sentence for aggravated identity theft.

United States Attorney Martin Estrada noted that authorities allege this group of cybercriminals executed a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars. He stressed that phishing and hacking have become increasingly sophisticated, leading to significant losses.

Estrada also advised that if something about a text, email, or website feels off, it probably is. This advice aligns with sentiments expressed by cybersecurity experts in recent reports.

This news follows reports of a Pepe holder losing $1.4 million after falling victim to a phishing attack that involved unknowingly signing an off-chain Permit2 signature. In another case, Colorado authorities reported that crypto fraudsters scammed residents out of thousands of dollars in Bitcoin.

Last year, Kaspersky, a Russian cybersecurity and antivirus provider, reported a staggering 40% increase in phishing attacks within just one year. At the same time, they noted a decline in the detection of traditional financial threats, suggesting a shift in tactics among cybercriminals.