This hacker sent about 130,000 phishing texts

A teenager from Montreal's South Shore admitted to sending nearly 130,000 phishing texts in 2019 and 2020, essentially pretending to be Fido, Netflix or various financial institutions.

In the summer of 2020, Rogers fraud investigators discovered that Desjardins, Rogers and Fido used Anis Rayane Bacha's phone to send phishing messages to customers.

The previous year, the 25-year-old suspect sent 45,600 fraudulent text messages with a fraudulent link to click, claiming an important notice from Fido.

Then, in January 2020, he sent 32,000 similar text messages in which he mentioned company names like Netflix or TD Bank.

A search of the accused's bedroom at the family's residence in Chateauguay on Montreal's South Shore revealed a Samsung phone used to send more than 51,000 phishing text messages between October and December 2019.

Multiple malware and phishing tools were found on Bacha's computer.

Macroviruses “infect computer devices and [à] Reason to download a remote control program,” we read in an agreed summary of facts recently filed at the Salaberry-de-Valleyfield courthouse.

More than 1,500 credit or bank card details were recovered from the accused. According to the police investigation, Bacha managed to use 32 cards in 2019 and 2020.

Bacha, who currently lives at the André-Laurendeau CEGEP residences in Montreal's LaSalle borough, remotely connected to the victims' computers using their passwords.

Essentially, he connected to a BMO customer's bank account, which allowed him to create a new email address and PayPal account with his own data.

“However, an analysis of the seized equipment was unable to quantify the direct monetary loss to the identified victims,” ​​we noted.

Anis Rayane Bacha pleaded guilty to two counts of unauthorized use of a computer, unauthorized use of credit card data, unauthorized use of computer passwords and possession of a device for identity theft.

The fraud was exposed

The investigation surrounding Anise Ryane Bacha began in May 2019, after he tried through several means to access the Omnimed software, which at the time contained the medical records of two million Quebecers.

Specifically, he sent a phishing text to three employees, encouraging them to connect to a fake Omnime page.

However, they did not follow up on the messages and an internal investigation was launched, which led to the discovery of an IP address linked to a fraudulent website, which belonged to the suspect.

The suspect was arrested in Ontario in May 2020 with a firearm, cell phones, a computer and more than $25,000.

Anis Rayane Bacha, represented by M^e Rami El-Turabi is due back in court next August for further hearings.