Man gets 5 years for buying 38,000 PayPal stolen account credentials from the Internet

The U.S. Department of Justice (DOJ) announced that Marcos Ponce, 37, has been sentenced to five years in prison for his participation in a fraudulent scheme based on the purchase of stolen PayPal account credentials, defrauding affected users of more than $1 million USD.

The Austin, Texas, resident pleaded guilty to conspiracy to commit electronic fraud in late 2021. As part of his plea agreement, he will also have to pay a total of $1.4 million in restitution for the harm caused to his victims.

According to prosecutors, between 2015 and 2018 Ponce and his accomplices created user accounts on an illegal dark web platform, specializing in the sale of confidential information such as access credentials to PayPal and other similar services.

Employing social engineering tactics, the suspect tricked third parties into accepting money transfers from the compromised PayPal accounts, in an attempt to remove the trace of their cybercriminal activity to their own accounts.

Kenneth Polite of the DOJ’s Criminal Division believes resolutions like this are important in the fight against organized crime: “The Department remains strongly committed to protecting people from scammers like this. This sentence sends a clear message to would-be thieves: online crime has real-world consequences.”

Access credentials to PayPal accounts are a highly attractive target for cybercriminals. Last August, a group of fraudsters posed as Europol executives to threaten their victims with alleged criminal proceedings in order to access their accounts in PayPal.

Finally, Assistant Director in Charge Steven D’Antuono of the FBI’s Washington Field Office said: “Today’s sentencing sends a message that the FBI will pursue cybercriminals across the globe; hiding behind a computer does not mean you can stay anonymous or out of reach of law enforcement”.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.