Unwitting users who clicked on links contained in spam emails sent by the gang were directed to a website designed to collect passwords and banking details.
The US Department of Justice claims that the gang sent more than 1.3 million spam emails in just one phishing attack.
Information stolen by the phishers was passed via internet chat messages to US-based cashiers who recorded the stolen data onto the magnetic strip on blank credit and debit cards.
Other criminals were then sent to test the cards at ATMs by making balance requests or withdrawing small amounts of money.
Once proven to work, the cards would be used to withdraw the maximum amount of money possible. A proportion of the stolen money was then wired back to Romania.
"This was a highly organised scheme using the internet to steal money from individuals and financial institutions across continents," said Graham Cluley, senior technology consultant at Sophos.
Police smash 38-strong phishing gang
By Robert Jaques on May 21, 2008 2:41PM