Phishing and YouTube marijuana videos send man to jail for 13 years

FBI logoA Los Angeles man has been sentenced to a total of 13 years in jail after being found guilty of leading an international phishing operation, and growing marijuana on an industrial scale in his house.

27-year-old Kenneth Joseph Lucas II was sentenced after judges found the Los Angeles man guilty of leading the US branch of an international phishing operation that stole banking login details through spam email and bogus websites.

In addition, Lucas found himself on the wrong side of the law for growing more than 100 marijuana plants in his home, in a set-up which included an irrigation system, fans, indoor lighting and ventilation. He was clearly proud of his industrial scale marijuana operation as he posted videos on YouTube showing off his set-up.

What a plonker.

Sign up to our free newsletter.
Security news, advice, and tips.

A fish, a frying pan, a marijuana leafLucas was the lead defendant in part of a multinational investigation known as “Operation Phish Phry”. The operation, which spanned the United States and Egypt, led to charges against 100 individuals in total – the largest number of defendants ever charged in a cybercrime case according to an FBI press release

As a result of Operation Phish Phry, 47 people have been convicted in federal court in Los Angeles.

Here’s how Operation Phish Phry worked.

Egyptian scammers would spam out emails that claimed to be from online banks. Victims would receive the emails, click on the links, and be directed to fake websites that pretended to be the online banks and enter their passwords, account numbers and other personal identifiable information.

The victims’ real bank accounts would be broken into, using the stolen information, and scammers in Egypt would transfer funds from the compromised accounts into other accounts.

Meanwhile, the US part of the phishing ring run by Lucas and two others recruited runners to set-up and use bank accounts which received the stolen funds.

The ring leaders would alert the runners through various methods (SMS, internet chat, and phone calls) to withdraw the cash and send it to them via Western Union. A portion of the money stolen was then transferred via wire services to the Egyptian gang members.

The total amount of money stolen in this way was estimated to be more than $1 million.

So, don’t doubt that the threat is real – and significant amounts of money have been stolen through phishing. Banks and consumers alike need to take security seriously and make it harder for criminals to break into accounts and steal our hard-earned cash.

Sophos has published some best practice guidelines to help you avoid being phished.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.