Man Pleads Guilty in Wal-Mart Card Phishing Scheme
A Sacramento, California, man has pleaded guilty to charges for his role in an international scam that netted sensitive information on tens of thousands of Internet users and then used that data to open fraudulent Wal-Mart credit cards.
Wed, September 09, 2009
IDG News Service — A Sacramento, California, man has pleaded guilty to charges for his role in an international scam that netted sensitive information on tens of thousands of Internet users and then used that data to open fraudulent Wal-Mart credit cards.
Slideshow: When Rogue IT Staffers Attack: 8 Organizations That Got Burned
Tien "Tim" Truong Nguyen pleaded guilty to fraud and identity theft charges on Tuesday, the day before his case was set to go to trial.
Prosecutors say that, working in concert with Romanian cyber-criminals, Nguyen set up fake phishing Web sites and supplied others with stolen information that was then used to set up fake Wal-Mart instant credit accounts in stores throughout northern California.
Operated by GE Capital, kiosks run a credit check on the Wal-Mart customer and then spit out instant credit coupons -- typically for US$1,000 to $2,000 -- that can be used in the stores.
By setting up hundreds of these instant credit lines, Nguyen's two alleged co-conspirators, Stefani Ruland and Ryan Price, netted close to $193,000 in just under two months, prosecutors say. A Wal-Mart investigator uncovered the scam in September 2006, after an anonymous tipster told him that Ruland and Price had a garage full of stolen Wal-Mart items in their Sheridan, California, home.
Ruland is serving a prison sentence for her role in the scam; Price is awaiting trial, prosecutors said.
After meeting Price and Ruland over the Internet, Nguyen began giving them credit information in exchange for methamphetamine, prosecutors said in court filings. "Nguyen said that he did identity theft 'because it was so easy,'" the filings state. He told investigators that "he wanted to quit identity theft, but resumed it if he was smoking methamphetamine; and that the drug gave him the drive to do identity theft."
When Nguyen was arrested on Jan. 26, 2007, police found credit card numbers, bank account numbers and stolen information belonging to tens of thousands of people on his computer. They also found templates for making fake Web sites. Targets included eBay and a number of smaller regional financial institutions, such as Florida's Fairwinds Credit Union, Washington's Heritage Bank and the Honolulu City and County Employee's Credit Union. , now known as Aloha Pacific.
Many of Nguyen's victims were PayPal users who responded to fake e-mails or pop-up windows that asked them for personal information, authorities said. EBay owns PayPal, an online payment service.
The case "shows that information can be obtained in Sacramento and be used to carry out fraud in very far-reaching ways," said Robin Taylor, an assistant U.S. attorney who prosecuted the case.
