Brooklyn man Jason Mickel Elcock was sentenced today to 57 months in prison for a series of account hijacking attacks spanning more than a decade, having used stolen personal and financial information to pilfer over $1.1 million from banks and online retailers.
Account hijacking is a well-known tactic in identity theft schemes through which attackers profit from their victim’s stolen account information to conduct unauthorized activities.
In this case, the account hijacking attacks were the result of account info stolen from tens of thousands of businesses and individuals, information which allowed Elcock and his co-conspirators to defraud their victims.
Elcock (also known as Prezzi) was sentenced to prison after previously pleading guilty to money laundering conspiracies and wire fraud on March 12 this year.
Between 2008 and 2018, ELCOCK, co-defendant Shoshana Marie McGill, and other co-conspirators participated in a scheme to defraud banks and e-commerce retailers by using stolen personal identifying information (‘PII’), bank account information, and credit and debit card data from tens of thousands of individuals and businesses for personal financial gain,” says the Department of Justice press release.
Elcock and his co-conspirators, one of which was Shoshana Marie McGill also sentenced on June 13 for money laundering conspiracy, acquired part of the data used in their fraud scheme from criminal websites.
They also admitted to hacking into some of their victims’ email accounts, online bank accounts, and password vaults, which allowed them to collect more personal info, user credentials, and copies of checks.
These would later be used as part of their fraud schemes in a multitude of ways including:
• opening new lines of credit in victims’ names without their permission using stolen PII data
• transferring money electronically out of victims’ bank accounts
• creating and cashing fraudulent checks issued against victims’ bank accounts
• and using stolen credit card info to buy various items and services from e-commerce retailers, either for personal use or for resale
Moreover, Elcock “sold a portion of the stolen bank account data, along with check-making supplies, to other co-conspirators in exchange for a cut of the value of the checks that those co-conspirators successfully cashed,” as the investigators found.
This enabled Elcock and his co-conspirators to avoid being discovered by victims after hijacking their accounts, preventing them “from receiving text and email notifications regarding unauthorized transactions, to make the criminal scheme harder to detect.”
Throughout their decade-long fraud scheme, Elcock and his partners in crime inflicted over $1.1 million in losses to online retailers and banks, and they also “imposed burden and stress on countless individual victims, as they had to take steps to regain access to their phone numbers and email accounts, file police reports, notify credit agencies, cancel lines of credit, and dispute unauthorized purchases.”
Elcock was sentenced by U.S. District Judge Victor Marrero three years of supervised release, as well as ordered to relinquish his interest in two bank accounts and forfeit $1,111,893 in cash.
“The theft and exploitation of our online data by perpetrators hiding in the weeds of the Internet is becoming all too common. This Office is committed to identifying, exposing and prosecuting cyber thieves wherever they may be found,” U.S. Attorney Geoffrey S. Berman said https://www.justice.gov/usao-sdny/pr/brooklyn-man-sentenced-57-months-prison-account-takeover-and-money-laundering-scheme .