Home News Stories 2009 October Operation 'Phish Phry'
This is archived material from the Federal Bureau of Investigation (FBI) website. It may contain outdated information and links may no longer function.

Operation 'Phish Phry'

Operation Phish Phry
Major Cyber Fraud Takedown


The Director delivered a major speech on cyber crime today at the Commonwealth Club of California.
The Director delivered a major speech on cyber crime today at the Commonwealth Club of California.

Nearly 100 people were charged today in the U.S. and Egypt as part of Operation Phish Phry, one the largest cyber fraud phishing cases to date. It’s the latest action in what Director Robert Mueller described in a major address today as a “cyber arms race,” where law enforcement and criminals compete to stay one step ahead of each other on the ever-expanding virtual frontier.

Cyber thieves “phish” for personal information such as usernames, passwords, and financial account details by tricking users into thinking their sensitive information is being given to trusted websites when, in fact, the sites are traps.

The defendants in Operation Phish Phry targeted U.S. banks and victimized hundreds and possibly thousands of account holders by stealing their financial information and using it to transfer about $1.5 million to bogus accounts they controlled. More than 50 individuals in California, Nevada, and North Carolina, and nearly 50 Egyptian citizens have been charged with crimes including computer fraud, conspiracy to commit bank fraud, money laundering, and aggravated identify theft.

Don’t Become a Phishing Victim

Most banks or other companies will not request your personal information via e-mail. If you get an e-mail asking for such information, call the bank—but don’t use the phone number contained in the e-mail.

- Use a phishing filter on your computer. Many current web browsers have them built in or offer them as plug-ins.

- Never follow a link to a secure site from an e-mail—always enter the URL manually.

- Don’t be fooled by the latest scams.

Visit the Internet Crime Complaint Center (IC3) and LooksTooGoodToBeTrue websites for more tips and information.

During the two-year investigation led by our Los Angeles office, we worked closely with the Secret Service, the Electronics Crimes Task Force in Los Angeles, state and local law enforcement, and our Egyptian counterparts—the first joint cyber investigation between Egypt and the United States. Such a cooperative effort illustrates “the power of our global partnerships,” Mueller said during his speech in San Francisco to address the criminal cyber threat and what we’re doing to combat it.

While Phish Phry defendants were being rounded up, Mueller told his audience, “The FBI is both a law enforcement and national security agency, which means we can and must address every angle of a cyber case. This is critical, because what may start as a criminal investigation may lead to a national security threat. … At the start of a cyber investigation, we do not know whether we are dealing with a spy, a company insider, or an organized criminal group.”

In the case of Operation Phish Phry, money appears to be the driving motive. But as Mueller pointed out, “Something that looks like an ordinary phishing scam may be an attempt by a terrorist group to raise funding for an operation.”

Mueller’s remarks came during National Cybersecurity Awareness Month, an annual event sponsored by the Department of Homeland Security to help educate the public on the shared responsibility of protecting cyberspace.


“Cyber crime might not seem real until it hits you,” Mueller said. “But every personal, academic, corporate, and government network plays a role in national security.”

To help battle the cyber threat, the Bureau relies on strong partnerships—with law enforcement and intelligence communities worldwide, and with universities, corporations, small businesses, and citizens.

Within the government, we have established the National Cyber Investigative Joint Task Force, which brings together law enforcement, intelligence, and defense agencies to focus on high-priority cyber threats. Within the private sector we run InfraGard, where we exchange information with 32,000 partners from private industry.

But even with all our partnerships, Mueller added, “we are still outnumbered by cyber criminals.” Which is why it’s so important for people to do their fair share. That means protecting your home computer with firewalls, anti-virus software, and strong passwords.

“We all have a responsibility to protect the infrastructure that protects the world,” Mueller said.

- Director’s remarks