14 DAY TRIAL // A 43-year-old Jordanian man was sentenced to ten years in prison yesterday in Missouri Western District Court for his role in a scheme that involved stealing credentials from various websites and using them to obtain access to people's bank accounts.
Sael Mustafa, 43, of Gladstone, Mo., and a citizen of Jordan, pleaded guilty back in January to one count of aiding and abetting mail fraud.
According to prosecutors, before moving to the United States Mustafa hacked into the websites of several U.S. businesses from an Internet cafe in Jordan and stole user login information from their databases.
Most of these websites belonged to restaurant chains and did not contain any financial information. Instead, users registered to receive newsletters, make reservations, earn gift cards or receive coupons.
Mustafa, assisted by unidentified co-conspirators, tested the stolen credentials on online banking websites and rather unsurprisingly, many of them worked.
This gave fraudsters access to people's credit card accounts which they then used to buy international plane tickets and gift cards, initiate fraudulent wire transfers and performed other online transactions. The total fraud is estimated at $725,000 and affected at least 654 individuals.
This case is a prime example of why security experts constantly urge users not to use separate passwords for different websites, especially for those hosting personal or financial information.
"This case provides a cautionary tale for unwary Internet users," said Beth Phillips, United States Attorney for the Western District of Missouri.
"This scheme was successful because hundreds of victims used the same password for each of their online accounts at different Web sites. That was convenient, but it also made them vulnerable to a computer hacker’s extensive fraud scheme," she added.
There are free password managers available that integrate well with all browsers and devices, making it easy to manage a large number of passwords in a secure manner.