Romanian citizen sentenced in phishing scheme
BRIDGEPORT, Conn. -- A Romanian citizen was sentenced Monday to more than four years in prison as the first foreign defendant convicted in a global crime ring that stole hundreds of thousands of dollars from Internet users.
Ovidiu-Ionut Nicola-Roman pleaded guilty last year for his role in the "phishing" scheme, which involved sending fraudulent e-mails that included links that directed recipients to fake Web sites where they were asked to input sensitive data. In all, 38 people have been charged in Connecticut and California, and more than half are Romanians.
Authorities say Nicola-Roman accessed e-mail accounts containing stolen credit card information and used the credit card numbers to steal between $200,000 and $400,000. He we was sentenced Monday to 50 months in prison.
"Sitting at a computer in Romania, you in effect wreaked havoc upon the people whose credit card numbers you were stealing," U.S. District Court Judge Janet Hall said. "Our economy rests upon people trusting they can use access cards, credit cards, debit cards. When the use of them is disrupted, it's no small pain to the victim. It is a damage to the economic system of our country."
Nicola-Roman, 23, of Craiova, Romania, was arrested in Bulgaria in 2007 and extradited to the United States. He told Hall that that he has had a lot of time in jail to think about what he did "and how wrong it was."
"I just want to apologize to them," he said, referring to his victims.
But prosecutor Edward Chang said Nicola-Roman had to be "dragged through every admission he makes."
"It's clear that he is an individual who doesn't fully accept the enormity of what he has done," Chang said.
Prosecutors said the scam also operated from the United States, Canada, Portugal and Pakistan. Phishers based in Romania snagged information about thousands of credit and debit card accounts and other personal data from people who answered spam e-mail. The data were then sent to the U.S. and encoded on magnetic cards that could be used to withdraw money from bank accounts.
In Connecticut, seven Romanians allegedly spammed consumers with directions to visit a Web site posing as at least a half-dozen legitimate bank sites, including Citibank, Wells Fargo and PayPal.
Authorities say the thefts had a devastating effect on the victims, who face damaged credit ratings, fear of using the Internet and the prospect that their personal information was distributed and will remain in the public domain forever. Prosecutors cited one victim with a handicapped child who could not access her money for almost five days, a businessman who was stuck in Ohio with no money to pay for a hotel and a woman who had to delay her vacation.
In 2007, 3.6 million victims lost $3.2 billion in the United States as a result of phishing attacks, prosecutors said, citing a Gartner survey. But due to difficulty investigating the cases, there have been only a handful of phishing prosecutions. Federal prosecutors said Nicola-Roman's case is a unique chance to warn overseas criminals about trying such schemes.
Nicola-Roman has said that he was partly motivated to help his sick mother. He asked Hall to give him a light sentence so he can study at a university, start a family and get a good job. "I will never be involved in such things again," he said.
When the judge asked why he didn't do that before, Nicola-Roman said he was too immature at 18 and 19 years old. "Now I'm mature and I know better," he said.
Defense attorney Ronald Resetarits said Nicola-Roman did not have a previous criminal record and has learned from his prison time.
"Prison time has been difficult for him," Resetarits said. "He's already ready received the message that he obviously can't do this."