Daniel Levi, his brother Guy Levi, and their computer-savvy
accomplice Daniel Lett, pleaded guilty to charges of conspiracy to
defraud and conspiracy to money launder. The total sum detailed in
the charges was £197,909.47; but Lancashire Constabulary's DC
Gordon Beattie, who headed an eighteen-month police investigation,
Operation Apple, suspects the actual sum involved was close to half
a million pounds.
The victims' addresses were collected by Lett using Atomic
Harvester, described as "the most powerful email collection
software on the net." It trawls the internet and returns thousands
of addresses every hour.
The attackers used Desktop Server 2000 to make the emails look
like they came from aw-confirm@eBay.co.uk. The emails also
displayed eBay's branding and told recipients that the company was
updating its records, inviting them to click on a link. In a
classic phishing scam, around 2,000 usernames and passwords and
sometimes bank account details were supplied after they followed
the link to a login page, unaware that it was hosted on Lett's
computer.
With stolen usernames and passwords, the three hijacked the user
accounts of eBay sellers who had positive feedback ratings on the
auction site. First they changed the passwords, to lock out the
real sellers. Then they exploited their strong reputations and
offered Sony Vaio laptops and Rolex watches at bargain prices.
Buyers were contacted by email and persuaded to use CHAPS, the
UK system of same-day electronic transfer, on the promise of an
even greater discount, instead of completing transactions on eBay.
They made transfers to the accounts of the money mules. The
laptops, of course, were never dispatched. Around 160 customers
paid over money in this way, between July 2003 and July 2004.
There were several money mules, the intermediaries in multiple
transfers of sums ranging from £1,500 to £15,000. All of them were
known to one or both Levi brothers, who spun stories to the mules
to avoid revealing the full nature of their crimes.
The mules were told that David Levi was expecting a money
transfer, but that he wanted to avoid anticipated charges from his
own bank – so he wanted to piggyback on the accounts of others. The
mules only held the sums for a day or so before they would be
withdrawn and handed to the Levis in exchange for a small
commission.
Some of the mules were not charged for lack of proof. To be
guilty of money laundering under the Proceeds of Crime Act of 2002,
someone has to know or suspect that money represents the proceeds
of crime. It was admitted in evidence that four men – Derek
Anderson, Craig Jameson, Chris Worden and Gareth Rice – knew or
suspected this to be the case. They pleaded guilty and each
received a sentence of six months in prison.
The Levi brothers also used credit card information stolen in
their phishing attack to make fraudulent purchases. Dabs.com lost
around £15,000, dealing with a customer they knew as “Julian
Roberts” – an admitted alias of David Levi. Initially Levi had very
briefly rented cheap flats in order to take delivery of his
purchases but eventually he became so arrogant that he allowed his
own home address to be used; but Guy Levi took delivery, posing as
his brother, so that David could deny all knowledge of the orders.
The ruse failed when a deliveryman made a positive identification
of Guy Levi as “Julian Roberts” at an identity parade, and a
British passport in that name was found by police in David’s
flat.
Lett's arrest was originally reported in April 2004 when he and
the Levi brothers' came to police attention following BT
Openworld’s success in identifying premises from which a broadband
account was closed, the genuine accountholder never having opened
it. It transpired that it had been opened with stolen credit card
data and the opening and closing instructions were traced to a flat
in St Annes rented by Lett’s girlfriend.
Officers went to this flat in April 2004. DC Beattie told
OUT-LAW that they arrived civilly, knocking on the door and waiting
for an answer, rather than forcing entry. Lett immediately hid his
PC beneath a dog kennel in his back yard; but it was quickly found
and taken for inspection. BT assisted with the forensic examination
of the computer.
Lett and the Levi brothers were arrested and released on bail;
but their behaviour did not improve.
In July, BT reported that the attacks had begun again. The
officers re-visited them and seized further computer equipment
which later confirmed that they had continued to perpetrate the
frauds.
Amongst the property seized from the Levi’s addresses was
ephemera showing the lavish lifestyle they and some of their
accomplices had indulged in during their enterprise. Also impounded
were two BMWs bought by David Levi with £39,000 of his criminal
gains. Having failed in a court action to recover the vehicles from
the police in 2005 Levi then had the gall to send a fax from an
internet café to the car pound, purporting to be DC Beattie, and
ordering the pound to release the vehicles to Levi. Taking Guy with
him, David referred to the fax and they drove the cars away. They
were recovered the following week by police officers and David Levi
was charged with attempting to pervert the course of justice.
Lett and the money mules owned up immediately, according to DC
Beattie. The Levi brothers initially pleaded not guilty but changed
their pleas just before trial. There was an added complication with
David Levi: on 18th July 2005 he was sentenced at Birmingham Crown
Court to four years imprisonment for importing a large quantity of
cannabis from Spain that had been secreted in oranges.
Yesterday, David Levi, 29, was sentenced to four years in
prison: three years for conspiracy to defraud and conspiracy to
money launder to run concurrent with his existing drugs-related
sentence and another one year for perverting the course of justice,
to run consecutively. Guy Levi, 22, was sentenced to 23 months in
prison. Daniel Lett, also 22, was sentenced to two years in
prison.
DC Beattie and his assistant, DC Don Fraser, praised the crucial
assistance provided by BT in tracing the attackers.
The only other phishing-related convictions to date in the UK
involved a US citizen, Douglas Havard, and a British citizen, Lee
Elwood. They were sentenced in June to six years and four years
respectively for their part in a conspiracy run by Eastern European
crime syndicates. Havard and Elwood received credit card details
from those running phishing sites overseas and used the details to
make online purchases and to create fake cards for emptying money
from ATM machines.
