Quebec sent nearly 130,000 phishing text messages

A young man, from the south coast of Montreal, admitted to sending nearly 130,000 phishing text messages in 2019 and 2020, mainly pretending to be Fido, Netflix or various financial institutions.

In the summer of 2020, Rogers fraud investigators identified Anis Rayan Basha's phone as having been used to send phishing messages to clients of Desjardins, Rogers and Fido.

The previous year, the 25-year-old accused, claiming an important notification from Fido, sent 45,600 fraudulent text messages containing a fraudulent link to click.

Then, in January 2020, he sent 32,000 similar text messages, mentioning the names of companies like Netflix or TD Bank.

A search of the defendant's bedroom at the family's residence in Chateauguay on Montreal's South Shore revealed a Samsung phone that was also used to send more than 51,000 phishing text messages between October and December 2019.

Several malware and phishing tools were discovered inside Pasha's computer.

Large viruses aim to “infect computers and [à] “There was also the reason for downloading the remote control software,” we can read in the agreed summary of facts recently submitted to the Salaberry-de-Valleyfield court.

The accused was found in possession of more than 1,500 pieces of credit card or bank data. Al-Basha was able to use 32 cards in 2019 and 2020, according to police investigations.

Pasha, who now resides at the André-Laurendeau CEGEP residences, in Montreal's LaSalle neighbourhood, also connected remotely to the computers, using the victims' passwords.

In particular, he connected to the bank account of a BMO customer, which then allowed him to create a new email address and PayPal account with his own data.

We note that “analysis of the seized equipment did not enable us to determine the direct financial loss of the identified victims.”

Therefore, Anis Rayyan Pasha pleaded guilty to two counts of possession of a device that allows unauthorized use of a computer, unauthorized use of credit card data, unauthorized use of computer passwords, and identity theft.

Fraud exposed

The investigation into Anis Rayan Basha began in May 2019 when he tried by various means to access the Omnimed software, which at the time contained the medical records of two million Quebecers.

In particular, he sent three employees a phishing text message encouraging them to contact the fake Omnimed page.

However, they did not follow up on the messages and an internal investigation was opened, which led to the discovery of the IP address associated with the fraudulent website belonging to the accused.

The defendant was then arrested in Ontario in May 2020 in possession of a firearm, cell phones, a computer, and more than $25,000.

Anis Rayan Pasha, represented by M^H Rami Al-Turabi will return to court next August to continue the proceedings.