DOJ Charges Five Men in Phishing Scheme Targeting U.S. Companies

According to Decrypt, the U.S. Department of Justice (DOJ) has charged five individuals for allegedly conducting phishing campaigns against employees of various companies. The DOJ's announcement revealed that these co-conspirators targeted U.S. companies with phishing text messages to harvest employee credentials. Akil Davis, Assistant Director in Charge of the FBI’s Los Angeles Field Office, stated that the accused used the stolen information to access and steal millions from cryptocurrency accounts.

The five men, aged between 20 and 25, face charges from a federal grand jury indictment, including one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft. Some of the accused have already faced charges and pleaded not guilty. Reuters reported that the individuals were allegedly part of "Scattered Spider," a hacking group linked to attacks on Caesars Entertainment and MGM Resorts International. This group is known for "data theft for extortion using multiple social engineering techniques" and deploying ransomware, as noted in a 2023 FBI advisory.

If convicted, each defendant could face a maximum sentence of 20 years for conspiracy to commit wire fraud, up to five years for conspiracy, and a mandatory two-year consecutive sentence for aggravated identity theft. U.S. Attorney Martin Estrada emphasized that the group allegedly executed a sophisticated scheme to steal intellectual property and proprietary information valued at tens of millions of dollars. Estrada warned that phishing and hacking have become increasingly sophisticated, leading to significant losses. He advised caution, suggesting that if something about a text, email, or website seems suspicious, it likely is.

This news comes amid rising crypto phishing cases. Recently, a Pepe holder lost $1.4 million after unknowingly signing an off-chain Permit2 signature during a phishing attack. In another incident, Colorado authorities reported that crypto fraudsters scammed state residents, stealing thousands of dollars in Bitcoin. Last year, Russian cybersecurity firm Kaspersky noted a 40% increase in phishing attacks within a year, while traditional financial threats saw a decrease, indicating a shift in strategies by cybercriminals.