The same DOJ case also alleges Sandu acted as a money mule to withdraw funds after using stolen debit-card and PIN data. Prosecutors frame the conduct as part of a coordinated scheme to convert stolen financial credentials into cash.

In a related account of the same federal case, prosecutors allege Gavril Sandu not only helped obtain debit-card and PIN information through vishing, but also participated in converting the stolen financial data into usable proceeds. The DOJ announcement describes an alleged workflow in which attackers first acquired payment credentials by hacking VOIP systems and running a script to capture sensitive banking information. Once the scheme allegedly obtained the cards and PINs, prosecutors claim Sandu took additional steps to enable withdrawals, including acting as a money mule. The government’s theory indicates the conspiracy was structured to reduce traceability: credential theft would produce fraudulent debit instruments, and subsequent withdrawals would be routed through participants positioned to retrieve funds. The extradition aspect—Sand u being transferred from Romania to the United States—highlights how these phone-based fraud operations can involve international infrastructure and cross-border actors. While the court proceedings will determine guilt, the DOJ release emphasizes the alleged role played in the financial-extraction stage of the fraud, not just the initial data theft. The matter is prosecuted as bank fraud and related offenses tied to the vishing conspiracy.