Authorities in the US and Romania have arrested and charged 38 people suspected of running an international phishing gang that attempted to steal from thousands of consumers and targeted hundreds of financialinstitutions.
Computer users who clicked on links in spam emails were taken to a fraudulent website posing as a legitimate online bank, where they were tricked into entering their passwords and banking details.
According to the US Department of Justice, the gang sent more than 1.3m spam emails in one phishing attack.
The stolen information was passed to US-based cashiers, who recorded the data onto blank credit and debit cards.
Other criminals tested the cards at ATMs by making balance requests or withdrawing small amounts of money.
Once proven, the cards were used to withdraw the maximum amount of money possible. A proportion of the stolen money was wired back to Romania.
"This was a highly organised scheme using the internet to steal money from individuals and financial institutions across continents," said Graham Cluley, senior technology consultant at web security software firm Sophos.
"The authorities in the US and Romania should be applauded for their investigation, which hopefully will result in the dismantling of a major cybercrime ring."
More than half of the people charged are Romanian, although the scams also operated from the US, Canada, Pakistan and Portugal.
Read more about phishing: