AUSTIN, TX — A Texas man was sentenced today to five years in prison followed by three years of supervised release for his conduct in connection with a scheme to buy 38,000 compromised PayPal account credentials from an illegal online marketplace, and then use those credentials to steal money from the rightful PayPal account owners. In addition to the term of imprisonment, the defendant was ordered to pay $1.4 million in restitution.
This case offers a glimpse into how annoying online cash schemes work in providing money laundering options for online criminal schemes.
Marcos Ponce, 37, of Austin, pleaded guilty to conspiracy to commit wire fraud in October 2021. According to court documents, from at least as early as November 2015 and continuing through in or about November 2018, Ponce and his co-conspirators worked together to establish buyer accounts on a particular illegal online marketplace (Marketplace A). Marketplace A functioned as an illegal market for stolen payment account credentials and associated personally identifying information (PII). The co-conspirators purchased over 38,000 stolen PayPal account login credentials.
With the 38,000 PayPal login credentials, Ponce and his co-conspirators were able to steal over $1 million from innocent victims whose PayPal accounts had been compromised, according to the original complaint that has since been unsealed.
In addition, Ponce and his co-conspirators developed social engineering techniques in order to trick unwitting third parties on Facebook into accepting money transfers from the compromised PayPal accounts, and then transferring the money into accounts controlled by members of the conspiracy.
In other words, the co-conspirators found and used unwitting victims on Facebook who agreed to receive money transfers from them for a commission. Then the unwitting Facebook user would transfer the balance, less the user’s promised cut, to Ponce and company’s other accounts disguised as legitimate transactions.
An example of a pitch to a Facebook user used to convince the user go along with their scheme was to sent via a Messenger request. It stated:
“I sold some things online but my account is locked. Could you receive some payments from me, withdraw the funds then bank transfer to me? Just need PayPal email…”
The complaint also noted that Ponce used a Coinbase account and wallet to pay for PII purchased on the illegal online marketplace.
“The Justice Department remains firmly committed to protecting the American people from fraudsters like this defendant,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division. “May today’s sentencing send a clear message to would-be thieves: there are real-world consequences for online crimes.”
“This prosecution and sentence send a powerful message that the cyberworld is not a haven for criminals, and law enforcement will work tirelessly to bring cybercriminals to justice,” said U.S. Attorney Ashley C. Hoff for the Western District of Texas.
“Today’s sentencing sends a message that the FBI will pursue cybercriminals across the globe. Hiding behind a computer does not mean you can stay anonymous or out of reach of law enforcement,” said Assistant Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office. “With the assistance of FBI cyber task forces across the country, the FBI will diligently and aggressively work to identify and locate criminals, regardless of where they operate.”
The case was investigated by the FBI’s Washington Field Office, with significant assistance from the FBI San Antonio - Austin Cyber Task Force.
Senior Counsel Laura-Kate Bernstein of the Justice Department’s Computer Crime and Intellectual Property Section, and Assistant U.S. Attorney Matthew Devlin for the Western District of Texas prosecuted the case, with substantial assistance from Assistant U.S. Attorney Demian Ahn for the District of Columbia.
Portions of this piece were provided by a DOJ press release.
Post a comment to this article here: