Romanian National Extradited to U.S. for 2009-2010 Bank Fraud Scheme
A Romanian national has been extradited to the United States to face charges for his role in a VoIP-based vishing and bank fraud scheme that took place 17 years ago.

A 53-year-old Romanian national, Gavril Sandu, has been extradited to the United States to face charges related to a sophisticated cybercrime operation that occurred between 2009 and 2010 SecurityWeek. Sandu was arrested in Romania in January 2026 and brought to the U.S. in late April to answer for his alleged role in a long-running bank fraud conspiracy SecurityWeek.
The criminal scheme involved the compromise of small businesses' Voice over IP (VoIP) systems. Once access was gained, the attackers deployed malicious scripts designed to facilitate "vishing"—voice phishing—attacks. These scripts were used to contact customers of various financial institutions, tricking victims into disclosing sensitive personal and financial information, including login credentials, payment card numbers, and PINs SecurityWeek.
Sandu’s specific contribution to the operation involved leveraging this stolen data to clone payment cards. Furthermore, he acted as a money mule, utilizing the cloned cards to make unauthorized withdrawals from the victims' accounts SecurityWeek. A federal grand jury indicted Sandu on charges of conspiracy to commit bank fraud and bank fraud in 2017, though the underlying criminal activity predates the indictment by several years SecurityWeek.
The suspect remains in federal custody and faces a potential sentence of up to 30 years in prison if convicted SecurityWeek. The extradition marks the conclusion of a lengthy pursuit by U.S. authorities, with Reid Davis, special agent in charge of the FBI in North Carolina, emphasizing that the agency remains committed to tracking international cyber fraudsters regardless of the time elapsed since the crimes were committed SecurityWeek.
The 17-year gap between the alleged offenses and the extradition is particularly notable, even within the context of complex international cybercrime investigations SecurityWeek. This case follows a pattern of long-term accountability for international cybercriminals, similar to the 2023 sentencing of Mihai Ionut Paunescu, who received three years in prison for operating a bulletproof hosting service that supported notorious malware families like Gozi, Zeus, and SpyEye, more than a decade after his initial criminal activity SecurityWeek.
These cases highlight the persistent nature of international law enforcement efforts to hold cybercriminals accountable, even as the digital landscape evolves. The long intervals between criminal acts and legal resolution underscore the challenges inherent in cross-border investigations and the enduring commitment of agencies like the FBI to pursue justice for historical financial crimes SecurityWeek.