/Security/ Phish bait
09/07/2006 | Filed under Discover > Security
Seven members of a phishing operation were sent to prison by a British court in November 2005. Struan Robertson brings you the full, shocking story from the detectives involved.
When he heard the police at his door, Daniel Lett quickly removed his computer’s hard drive and hid it beneath a dog kennel in his back yard. It didn’t stay hidden for long, though. The drive later revealed evidence of a lucrative phishing scam that would land the 22-year-old and five others in prison.
The investigation, dubbed Operation Apple, began when complaints were received from eBay users who had paid for laptops and Rolex watches that never arrived. The trail led to properties in St Anne’s, near Blackpool, owned by Daniel Lett and two brothers – Guy Levi, 22, and the ringleader, David Levi, 28.
The Levis and Lett wanted the usernames and passwords of highly-rated eBay sellers. Anyone trading on eBay has a feedback score and a percentage feedback rating. If a seller has positive feedback rated at, say, 98 per cent, a bidder will trust the seller to deliver. So Lett hijacked such accounts. First he changed the passwords, to lock out the real account holders, then he and the Levis started selling.
Those who fell for their ads for high-value items like Sony Vaio laptops and Rolex Daytona watches – using text and images lifted from legitimate ads – would be contacted by email and persuaded to pay off-line. “I bank with Lloyds TSB and payment is best by a cash deposit at any Lloyds TSB bank,” explained an email found on Lett’s computer. “Payment using this method clears instantly and allows me to dispatch your order the same day if done prior to 3pm.” eBay cautions buyers against paying like this, but buyers trusted the good feedback.
Police located 160 people who paid money to David Levi’s gang; although there may well have been others. The police had evidence of almost £200,000 in criminal gains but they suspect that the total figure was more than twice as much. David Levi enjoyed the lion’s share. He had no job or legitimate income and told police that he funded his extravagant lifestyle with casino wins. However, investigators found that while he did frequent casinos, he lost much more than he won. He also bought expensive cars, took his parents on a £7,000 Caribbean cruise and a number of friends to Belgium in a stretch limousine.
Money mules
Thirteen bank accounts were known to have been used to launder and hide the proceeds of all of this criminal activity. David Levi used seven of these accounts himself, five in the name of Julian Roberts. eBay victims made transfers to Levi’s hired middlemen, known in the crime world as money mules – bank account holders whose only role in the heist is to receive and transfer money.
The money mules handled multiple transfers of sums ranging from £1,500 to £15,000. All of them were known to one or both Levi brothers but some knew more than others about the legality of the transfers. Only four were convicted under the Proceeds of Crime Act, which requires someone to at least suspect criminal activity. Others escaped prosecution either because they were unwitting participants in the enterprise or because there was a lack of evidence against them.
One unwitting intermediary was Cora Stansfield. She met Guy and David Levi at a casino and they invited her to get involved with a business selling perfumed dolls. She was told that the doll parts would be delivered to her home, all she had to do was assemble the dolls and add the scent. David Levi also told her to open a bank account, explaining that he could not do so himself because he was a bankrupt. Stansfield never received any doll parts but large sums appeared in her bank account. Levi told her this was from overseas sales. He took her to the bank to make periodic withdrawals and she handed him the cash, but she became suspicious. The bank closed the account and Stansfield refused Levi’s request to open a second account. She told police later that David Levi acted like a man possessed; she was not charged.
The Levi brothers also gathered credit card details in their phishing attack and used them to shop with. Technology supplier Dabs.com lost around £15,000 dealing with a customer it knew as Julian Roberts. Initially Levi had rented cheap flats to take delivery of his purchases, but as his confidence grew he eventually allowed his own home address to be used. Guy Levi took delivery of the items, posing as his brother, so that David could deny all knowledge of the orders.
The ruse failed when a delivery man made a positive identification of Guy Levi as Julian Roberts during an identity parade, and a British passport in that name was found by police in David’s flat. In all, David Levi held British passports in three names.
Daniel Lett and the Levi brothers were all arrested in April 2004 and released on bail, but surprisingly enough, even then they did not stop their criminal activities.
The law won
In July, police were made aware that the attacks were continuing. The officers re-visited the suspects and seized another computer from Lett. They also impounded two BMWs bought by David Levi. This upset Levi. He sent a fax to the car pound, purporting to be from the investigating officer, DC Gordon Beattie, authorising the release of the vehicles. Taking his brother with him, David Levi referred to the fax and they drove the cars away. The cars were recovered the following week by police officers and David Levi was charged with perverting the course of justice.
Lett admitted his actions but claimed he did not know that using other people’s eBay identities was a criminal act. He said he believed that David Levi was genuinely supplying the goods that had been ordered. The Levi brothers and Daniel Lett were charged with conspiracy to defraud and conspiracy to money launder. They pleaded guilty. As it turned out, by the time of sentencing at Preston Crown Court on 1 November 2005, David Levi was already in prison for another crime entirely: he had been convicted in July 2005 at Birmingham Crown Court and sentenced to four years for importing a large quantity of cannabis from Spain. The drugs had been secreted inside oranges.
David Levi was sentenced to a total of four years in prison: three years for conspiracy to defraud and conspiracy to money launder to run concurrent with his existing drugs-related sentence, and another year for perverting the course of justice, which was to run consecutively. Guy Levi was sentenced to 23 months in prison. Daniel Lett was sentenced to two years in prison.
Four money mules – Derek Anderson, Christopher Warden, Craig Jameson and Gareth Rice – pleaded guilty to money laundering offences and each received a sentence of six months in prison.
Comments
snowie / 18/12/2006 / 21:34
poor genius!! start again when u get out!!!!
Mathew Browne / 19/06/2007 / 13:55 / http://www.mbwebdesign.co.uk
They aren't the first and sadly won't be the last.
Frank Thompson / 11/01/2008 / 16:51 / http://www.gojiking.co.uk/
I hate these phishers VERY MUCH. I received a lot of phishing emails from them claiming they are ebay, paypal, Barclays, and Lloyds TSB. Whenever I receive such emails, I will forward to relevant companies for flight phising operations. But their skills are getting higher and higher, and difficult to detect. now seeing they are captured make me feel happy. They deserved it!
David Levi / 06/02/2008 / 18:55
hi well i am David Levi and i am now out of prison which was like a nice holiday camp thanks for the comments we are all out now :)))))))!!!!!
