Thirty-eight people in the U.S. and Romania have been charged in two indictments alleging they used complicated Internet phishing schemes to steal thousands of credit and debit card numbers, U.S. and Romanian authorities announced Monday.

The indictments, in U.S. District Court for the Central District of California and the District of Connecticut, focus on two related phishing schemes with ties to organized crime, the U.S. Department of Justice said. Phishing involves sending e-mail messages that look like official correspondents from banks or credit card vendors in an attempt to get recipients to go to a fake Web site and enter their account numbers.

A grand jury in Los Angeles charged 33 people for their alleged participation in a scheme that targeted thousands of individual victims and hundreds of financial institutions. The 65-count indictment was unsealed Monday. Seven people were charged in a Connecticut indictment for their roles in an Internet phishing scheme, including two who were charged in the Los Angeles case.

U.S. authorities were acting on nine arrest warrants in the Los Angeles area and Romanian authorities acting on search warrants there Monday in connection with the racketeering indictments.

Among the charges in the Los Angeles indictments are conspiracy to violate the Racketeer Influenced and Corrupt Organizations (RICO) Act; conspiracy in connection with access devices; unauthorized access to a protected computer; bank fraud; and aggravated identity theft.

The RICO conspiracy charge carries a maximum prison sentence of 20 years, bank fraud has a maximum sentence of 30 years, and device fraud conspiracy has a maximum sentence of seven and a half years. The unauthorized access count carries a maximum prison sentence of five years, and aggravated identify theft carries a mandatory two-year prison sentence.

The Romanian members of the organization obtained thousands of credit and debit card accounts and other personal information through phishing, according to the indictment. The group sent more than 1.3 million spam e-mail messages in one phishing attack, the DOJ said.

The Romanians collected the victims' information and sent the data to cashiers in the U.S. through Internet chat messages, the DOJ said. The U.S. cashiers used hardware called encoders to record the fraudulently obtained information onto the magnetic strips on the back of credit and debit cards. Cashiers then directed other criminals called runners to test the fraudulent cards by checking balances or withdrawing small amounts of money at ATMs.

The IDG News Service is a Network World affiliate.