Hackers get over $50 million USD with Premium SMS fraud; defendants could spend up to 20 years in prison

The U.S. Department of Justice (DOJ) reported that Australian citizen Michael Pearse has pleaded guilty to one count of conspiracy to commit wire fraud, actively participating in an “auto sub” scheme.  This variant of fraud consists of registering mobile phone users on services they have not requested, charging monthly fees and renewing their subscriptions automatically without the knowledge or consent of the victims.

Audrey Strauss, U.S. Attorney for the Southern District of New York, says the defendant played a key role in the scheme, taking advantage of his role as CEO of a company he created and with which he hid the development of the automatic subscription software. This company sent automatic SMS messages to victims, offering subscriptions to horoscope services, nutrition tips, news, among others.

At a news conference, Strauss said, “As he admitted in court today, Pearse played a vital role in an international conspiracy that scammed hundreds of thousands of mobile phone users, generating illicit profits of more than $50 million USD.”

This operation would have started between 2012 and 2013, when the defendant and his accomplices began sending unsolicited text messages to thousands of users, adding the aforementioned content. Needless to say, the victims did not request these messages (known as Premium SMS), although the software employed by the defendant was capable of performing an arbitrary subscription and automatic renewal. On average, Pearse and his accomplices charged $9.99 USD to their victims’ phone bill per month and the service was renewed unless victims noticed the fraudulent charges and canceled subscriptions.

Pearse pleaded guilty to one count of conspiracy to commit wire fraud, for which he could spend up to 20 years in federal prison. The DOJ also noted that, as part of its plea agreement, the defendant will relinquish possession of $10.5 million and some property obtained from his illicit operations.

While Pearce is still awaiting final sentencing, nine other people accused of participating in this fraudulent scheme have also pleaded guilty. Two individuals arrested in 2017 as part of this criminal case are already serving their respective prison sentences.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.