The groups – which included 18 Italian citizens and eight foreign nationals from Eastern European countries – duped recipients with emails purporting to be from the Home Banking Services’ Poste Italiane program.
Poste Italiane is a government-owned mail distributor that offers financial services - such as PostePay - across the country, according to Sophos.
The phishers used the scam emails to glean access codes to online bank accounts or PostePay Cards, according to a press release from the Provincial Command of the Military Financial Police, which called the operation "Phish and Chips."
Authorities said the group’s ringleader, described only as a 22-year-old, confessed to confiscating the bank account information of victims and wiring their funds elsewhere.
Authorities seized laptops, backup devices, false documents, mobile phones and materials for forging credit cards as part of the operation.
Two victims lost a total of more than 65,000 euro in just a few minutes, according to Italian police.
A few of the accused were caught using illegally funded accounts at casinos in Italy – including the Casino of San Remo - Germany, Austria and Greece, according to the Italian police report.
Italian police did not say specifically what the 26 arrestees were charged with.
Ron O’Brien, senior security analyst at Sophos, told SCMagazine.com that phishing arrests are rare because of disputes over jurisdiction.
"There is a fundamental issue with prosecution in that it often crosses state and international boundaries, and there’s often a question to jurisdiction.
Parties often have the formidable task of finding the agency that has the greatest breadth of authority," he said. "So when you have something as centralised as the Italian incident was, it lets them send a statement that that’s not going to be tolerated."
Alex Eckelberry, president of Sunbelt Software, told SCMagazine.com that Italy is "a mess" in terms of vicious malware attacks.
"I was pleasantly surprised to see [the arrests] occurring in Italy. It’s the hotbed of malware right now," he said. "There are a number of different reasons that have been speculated, maybe the laxity of the laws, maybe patch levels aren’t as strong."
Italian officials arrest 26 in anti-phishing operation
By Frank Washkuch on Jul 17, 2007 9:40AM