Hacking bank accounts for over 10 years scheme gets 57 months for fraudsters

Email Addresses hacked

Brooklyn man, Jason Mickel Elcock was today sentenced to 57 months in prison for several account hijacking attacks spanning over a decade, which he used to pillage over $1.1 million from banks and online retailers using robbed personal and financial information.

Account hijacking is a famous tactical system for identity theft that offenders take advantage of the stolen account information of their victims to carry out unauthorized activities.

In this case, the hijacking attacks were the result of tens of thousands of businesses and individuals stolen from their accounts, which made Elcock and his co-conspirators disappoint their victims.

Elcock (also referred to as Prezzi) was convicted on 12 March this year of money laundering conspiracies and wire fraud.

Over 10 years of Bank account hacking

Elcock and his co-conspirators, one of whom was Shoshana Marie McGill also sentenced for money laundering, acquired part of the data from criminal websites used for their fraud.

“Between 2008 and 2018, ELCOCK, co-defendant Shoshana Marie McGill, and other co-conspirators participated in a scheme to defraud banks and e-commerce retailers by using stolen personal identifying information (‘PII’), bank account information, and credit and debit card data from tens of thousands of individuals and businesses for personal financial gain,” says the Department of Justice press release.

They also allowed for hacking into e-mail accounts, online banking accounts and password vaults of their victims, which allowed them to collect additional personal information, user credentials, and copies of checks.

These would then be used in a number of ways, including as part of their fraud schemes:

  • opening new lines of credit in victims’ names without their permission using stolen PII data
  • transferring money electronically out of victims’ bank accounts
  • creating and cashing fraudulent checks issued against victims’ bank accounts
  • and using stolen credit card info to buy various items and services from e-commerce retailers, either for personal use or for resale

In addition, Elcock “sold a part of the stolen bank account data and check supplies to other co-conspirators, in exchange for a reduction in the value of the controls successfully cashed by these co-conspirators,” as the investigators found.

Email hidden illegal activity

Elcock also transferred certain accounts and telephone numbers of his victim to those he andhis co-conspirators controlled to gain control of their shopping and banking accounts online.

They also altered some of the passwords and activity notifications of the hacked accounts in order to hide their criminal activities.

This allowed Elcock and his fellow conspirators to avoid being found by the victims when their accounts were deceived, preventing them from being “received text and e— mails of non-authorized transactions, which made it harder to detect criminal proceedings.” Over the course of the ten-year long fraud system, Elcock and his crime partners have inflicted losses on online retailers of over $1.1 million. “imposed burden and stress on countless individual victims, as they had to take steps to regain access to their phone numbers and email accounts, file police reports, notify credit agencies, cancel lines of credit, and dispute unauthorized purchases.”

Elcock has been sentenced by the United States District Judge Victor Marrero was released for three years as a supervisor and ordered his interest on both bank accounts to be abandoned and $1,111,893 cash to be forfeited.

“The theft and exploitation of our online data by perpetrators hiding in the weeds of the Internet is becoming all too common.  This Office is committed to identifying, exposing and prosecuting cyber thieves wherever they may be found,” U.S. Attorney Geoffrey S. Berman said.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.